Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem : ASA VPN issue can't resolve name from local DNS

vpn-dns-issue.png

Cisco ASA VPN issue can't resolve name from local DNS

If i connect via LAN i can resolve name from DNS server normaly but when i connect vpn via internet

case 1 connect vpn use split tunnel for internal ip connect to tunnel and internet serf via local internet [can resolve form dns of connected internet ]

C:\>nslookup normanxak.local

*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server:  dns1.asianet.co.th
Address:  203.144.207.29

*** dns1.asianet.co.th can't find normanxak.local: Non-existent domain

case 2 connect vpn no use split tunnel

C:\>nslookup
*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server:  dns1.asianet.co.th
Address:  203.144.207.29

> normanxak.local
Server:  dns1.asianet.co.th
Address:  203.144.207.29

Name:    normanxak.local
Addresses:  192.168.1.18, 192.168.1.17, 192.168.1.2

thank u for best support

Everyone's tags (4)
5 REPLIES
Cisco Employee

Re: Problem : ASA VPN issue can't resolve name from local DNS

In the group-policy you have split-dns setup as "split-dns value 192.168.1.2 192.168.1.18" This is incorrect.The values for the split-dns setting should not be IP addresses -- they need to be the internal domain name that you want to resolve over the tunnel. For example if I wanted my dns request for myhost.cisco.com to go over the tunnel and everything else (like xxxx.google.com or xxxx.yahoo.com) to use my normal Internet DNS server, in the group policy I would have "split-dns value cisco.com"

-heather

New Member

Re: Problem : ASA VPN issue can't resolve name from local DNS

now i remove "

split-dns value 192.168.1.2 192.168.1.18 "

but i can't solve name same...

group-policy BO2VPN internal

group-policy BO2VPN attributes

dns-server value 192.168.1.2 192.168.1.18

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value BO2VPN_splitTunnelAcl

group-policy BO3VPN internal

group-policy BO3VPN attributes

dns-server value 192.168.1.2 192.168.1.18

vpn-tunnel-protocol IPSec

New Member

Re: Problem : ASA VPN issue can't resolve name from local DNS

khahodeka wrote:

now i remove "

split-dns value 192.168.1.2 192.168.1.18 "

but i can't solve name same...

I don't think he meant for you to remove the statement, but instead replace it with:

"split-dns value domain1.local domain2.local"

New Member

Re: Problem : ASA VPN issue can't resolve name from local DNS

Hello,

Try set "asianet.co.th" to default domain under your vpn policy

Kim Eriksen

Field Engineer

Infolink ApS

New Member

Problem : ASA VPN issue can't resolve name from local DNS

Kim Eriksen, the solution worked wor me thanks

Regards

Nitin Mohan

23966
Views
0
Helpful
5
Replies