Split tunnel VPN not resolving internal hostnames.
Good morning all. I hope someone can point me in the right direction about an issue I'm having with my VPN Server on my Cisco 2621xm.
I started by creating a VPN - everything worked great. I assigned the DNS Servers, Domain name, WINS Server so when I connect I'm able to resolve local hostnames on the network with no problem, however, I had no internet access... I then set up a split tunnel access list. Since I've set that up, I'm now able to ping internet based addresses (www.google.ca), but no longer able to resolve internal host names. I can ping the ip addresses, just name resolution no longer works.
Here is some basic info (hopefully you don't need the whole config).
Internal network address range: 192.168.1.0/25
VPN Network address range: 192.168.2.0/29
DNS Nameserver 192.168.1.55
crypto isakmp policy 1
crypto isakmp client configuration group ChrisVPN
ip access-list extended home_away_split_tunnel
permit ip 192.168.1.0 0.0.0.127 192.168.2.0 0.0.0.7
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.6
If anyone could please provide some input as to what I'm missing of what sort of changes can be made to solve this problem, I would be very greatful.
Re: Split tunnel VPN not resolving internal hostnames.
I've enable split-dns, now everything works great, to a point. Now it seems I lose the VPN connection shortly after its established. I'll connect, everythig works splendidly. I can ping both internal and external host names with no problem, but after about a minute and a half I'm no longer able to ping anything! The VPN client still says its connected, and shortly after I lose the connection. I don't understand why suddenly I'm no longer able to ping anything, then end up losing the connection after making a small change to the config...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :