Re: DNS route relayed by VPN concentrator not reachable
I am working on a setup wherein we have configured remote access VPN for our customers using a VPN concentrator 30xx series. Herein we are able to establish the IPsec tunnel and reach all the subnets on the inside of the concentrator; however, the DNS route relayed or pushed from the concentrator to the client is not reachable. We have a PIX firewall behind the concentrator which has been configured to allow all the traffic coming in from the IPsec endpoints. When I check the routes on the endpoint device, that is, the VPN client machine, I have a DNS route with the tunnel gateway as the next hop. Except for this specific route, I have a default route on the client as well. The catch herein is that when I remove the specific DNS route, I am able to reach the DNS server which was earlier unreachable; I am able to reach the DNS server by means of the default route, which has the same next hop as the specific route mentioned earlier. I just need to clarify whether I have missed any configuration on the concentrator.
Re: re: DNS route relayed by VPN concentrator not reachable
There could be no specific reason for this, as the source and destination addresses in IP are going to remain the same in either case. Is the DNS request traffic from the client reaching the concentrator when the specific route is mentioned? If not, for the specific route set the next hop as the interface if an IP address was mentioned before; else set the IP address as the next hop if the interface was mentioned before.