Cisco Support Community
Remote access VPN Client to PIX, DNS Issue

Hello all.  I have searched on this but I cannot find my answer.

I have set up a VPN connection to a PIX firewall (running Version 8.0(4)) for my company. The VPN connection is working correctly, in that I can connect to it using my Cisco VPN Client software (v 5.0.02.0090) and ping internal servers/resources by IP address. However, if I try to ping by hostname, it does not resolve to an IP address. If I open a command prompt on my PC and type ipconfig /all, there are no DNS servers for my VPN adapter, just for my normal Intel NIC. I think that I should have a DNS server listed under the VPN adapter, right? Below are the relevant (I think) lines of config for the VPN:

PIX Version 8.0(4)
domain-name xx.xx
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.20.23
 domain-name xx.xx
ip local pool vpnpoolIT 10.10.8.2-10.10.8.254 mask 255.255.255.0
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set security-association lifetime seconds 28800
crypto dynamic-map dyn1 1 set security-association lifetime kilobytes 4608000
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
tunnel-group ITGroup type remote-access
tunnel-group ITGroup general-attributes
 address-pool vpnpoolIT
 authentication-server-group RADIUS
tunnel-group ITGroup ipsec-attributes
 pre-shared-key *

Is there anything that I am missing?  I can resolve DNS queries on the PIX itself.

All the info I can find online is for an older version of PIX software that says that I should enter the command vpngroup dns-server IP Address, but this command is not available in my version of the software.

Accepted Solutions

Re: Remote access VPN Client to PIX, DNS Issue

Hi,

To define a DNS server to be injected to the VPN clients when they connect, you can do the following:

This is the tunnel-group where the remote connection lands:

tunnel-group ITGroup type remote-access
tunnel-group ITGroup general-attributes
 address-pool vpnpoolIT
 authentication-server-group RADIUS
tunnel-group ITGroup ipsec-attributes
 pre-shared-key *

So, create a group policy:

group-policy VPN internal
group-policy VPN attributes
 dns-server value x.x.x.x   -->   x.x.x.x will be the IP of the DNS server

Then, apply the group-policy to the tunnel group:

tunnel-group ITGroup general-attributes
 default-group-policy VPN

Hope it helps.

Federico.
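
One way to check a saved configuration for the gap discussed in this thread, as an added example that is not part of the original posts: it reports every remote-access tunnel-group whose group policy pushes no DNS server to clients. The function names are hypothetical, the sample configs are constructed from the names in the thread, and using 192.168.20.23 as the pushed server is an assumption.

```python
import re
# Constructed sample: the asker's relevant lines before the fix (names from the thread).
BEFORE = """\
tunnel-group ITGroup type remote-access
tunnel-group ITGroup general-attributes
 address-pool vpnpoolIT
"""
# After the answer's commands; 192.168.20.23 (the question's name-server) is assumed.
AFTER = BEFORE + """\
group-policy VPN internal
group-policy VPN attributes
 dns-server value 192.168.20.23
tunnel-group ITGroup general-attributes
 default-group-policy VPN
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text.startswith("!"):
            continue
        if not line[0].isspace():
            current = text
            blocks.setdefault(current, [])  # a mode entered twice is merged
        elif current:
            blocks[current].append(text)
    return blocks

def pushed_dns(blocks, policy):
    """DNS servers a policy hands to clients, falling back to DfltGrpPolicy."""
    for name in (policy, "DfltGrpPolicy"):
        for sub in blocks.get(f"group-policy {name} attributes", []):
            words = sub.split()
            if words[0] == "dns-server":  # "dns-server none" stops inheritance
                return words[2:] if words[1:2] == ["value"] else []
    return []

def groups_without_dns(config):
    """List (tunnel-group, policy) pairs for remote-access groups that push no DNS."""
    blocks, missing = parse_blocks(config), []
    for name in re.findall(r"(?m)^tunnel-group (\S+) type remote-access\s*$", config):
        general = blocks.get(f"tunnel-group {name} general-attributes", [])
        chosen = [s.split()[1] for s in general if s.startswith("default-group-policy ")]
        policy = chosen[-1] if chosen else "DfltGrpPolicy"  # built-in default policy
        if not pushed_dns(blocks, policy):
            missing.append((name, policy))
    return missing
```

Run against the text of a saved running configuration, `groups_without_dns` returns an empty list once every remote-access group resolves to a policy with a `dns-server value` line.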

Re: Remote access VPN Client to PIX, DNS Issue

You rock, Federico.  I swear, I'm going to name my first born after you.

Thanks for your quick reply and perfect answer.

Re: Remote access VPN Client to PIX, DNS Issue

Please don't do that... it's not your baby's fault :-)

Anyway, I'm very glad that it helped!

Federico.

Re: Remote access VPN Client to PIX, DNS Issue

Haha, thanks again!
