Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
954
Views
0
Helpful
3
Replies

Missing X-CSTP-Split-DNS headers?

Go to solution
nottheoilrig
Level 1
Level 1

‎07-04-2013 08:58 AM

I can successfully connect to my office Cisco AnyConnect VPN but I have some trouble accessing the office network because I can't resolve some private domain names.

The private domains I have problems resolving are like "example.bcgov" I think the problem is that I don't get an 'X-CSTP-Split-DNS: bcgov" header from the VPN gateway, so my client uses my ISP DNS server to resolve these domains (which is wrong).

Here is the output of running "openconnect -s env -v vpn2.gov.bc.ca": http://nottheoilrig.com/networkmanager/201306210/stdout

Is there anything special I need to do to request the "X-CSTP-Split-DNS" headers from the VPN gateway? Can I do anything to confirm that these headers are entirely missing from the gateway's responses? And how should I reconfigure the gateway so it sends these headers?

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
3 Replies 3

Go to solution
nottheoilrig
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-04-2013 04:25 PM

Thank you very much Marcin, I shared these details with the VPN administrator.

0 Helpful

Go to solution
nottheoilrig
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-05-2013 10:41 AM

Thanks again for these details Marcin, I shared them with the VPN administrator. He says that the VPN gateway does normally append the "bcgov" suffix to the VPN DNS configuration, but I am still not seeing "bcgov" or X-CSTP-Split-DNS headers anywhere in the responses from the gateway:

http://nottheoilrig.com/networkmanager/201306210/stdout

Is it possible that the "bcgov" domain or X-CSTP-Split-DNS headers are sent only in some responses from the gateway and not others? (Could the gateway be configured with the "bcgov" domain but there is something about my communication with the gateway causing the domain to be omitted from these responses?)

Is there some auxiliary way that the gateway might be configured to append the "bcgov" suffix to the VPN DNS configuration? (Such that I am not seeing it in the responses from the gateway?)  Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents