I have Mac VPN clients that successfully connect to an ASA5520. The ASA5520 is running 7.2(4) software. The Mac client is running 4.9.01 (0080) software. The clients are served internal IP addresses from the ASA5520 that are outside the range our DHCP server serves to clients. The DNS servers and domain are supplied within the Group Policy configuration.

Clients can successfully browse internal websites, no problem. Clients that need to browse external websites are extremely slow. Clients are required to browse websites through our infrastructure. Inside the routing configuration I configured a "tunneled" route, which I think routes all VPN clients out our company's Internet path. Is this what "tunneled" route means?

Next, I looked at the ASA log and see that these clients are trying to access their ISP's DNS server for external sites first, then they query the internal DNS servers. I, of course, only allow our internal DNS servers to query external DNS servers. Why isn't the client querying our DNS servers only?

Last question: I tried using our DHCP server to serve VPN clients, but I was running into a problem with the client not receiving the DNS servers from the DHCP server. The end goal would be to get the clients to successfully obtain DHCP information and to be able to browse internal and external websites.