[VPN] Re: Cisco VPN and split DNS

Aleksander.Boh at gov.si Aleksander.Boh at gov.si
Wed Apr 12 03:03:52 EDT 2006 

I use Juniper NS FW where proxy DNS is possible to set up.  The other way
is split VPN and third way is to use soft VPN client, and setup split tunel
using modeconfig option (DHCP inside vpn tunel).

AB


|---------+------------------------------------------------->
|         |           "Lee Sweet" <lee at datatel.com>         |
|         |           Pošiljatelj:                          |
|         |           vpn-bounces+aleksander.boh=gov.si at list|
|         |           s.shmoo.com                           |
|         |                                                 |
|         |                                                 |
|         |           11.04.2006 13:18                      |
|         |                                                 |
|---------+------------------------------------------------->
  >---------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                           |
  |       Za:       vpn at lists.shmoo.com                                                                                       |
  |       kp:                                                                                                                 |
  |       Zadeva:   [VPN] Re: Cisco VPN and split DNS                                                                         |
  >---------------------------------------------------------------------------------------------------------------------------|




Thanks for the several replies.  (1) These are set by groups and we
have them set that way.  The config is so simple it's hard to
understand why it doesn't work (but see below).  (2)  Yes, the best
answer (if we hadn't found the 'real' one) would have been to enter
the local DNS list into the home DNS server, and that's where we were
going, until....

Now, after all that, a colleague found a document somewhere on the
Cisco site saying that Split DNS was turned off in 4.6.03.021.  The
next versions, including 4.6.04.043, which I'm trying now, turn it
back on.  Hm...

All well and good.  We didn't even think that the functionality could
be missing in the release we were using, as we ran this by Cisco and
all they said was to configure it in the concentrator, which is
really one checkmark and one domain entry (the one to be sent down
the tunnel).  I would have hoped that when they heard the version we
were using, a red flag would have popped up.   Guess not.

Thanks, folks!

On 10 Apr 2006 at 11:18, Lee Sweet said:

From:                    "Lee Sweet" <lee at datatel.com>
To:                      vpn at lists.shmoo.com
Date sent:               Mon, 10 Apr 2006 11:18:00 -0400
Subject:                 [VPN] Cisco VPN and split DNS

> Situation:  Branch office of ours needs to connect to home office for
> email and other resources.  They use Cisco VPN client version
> 4.6.03.0021 connecting to Cisco 3000 concentrators.  They also need to
> have simultaneous access to local resources.
8<snip>8>

--
Lee Sweet
Datatel, Inc.
Senior Telephony and Communications Specialist
How higher education does business.

Voice: 703-968-4661
Cell: 703-850-2385
Fax: 703-968-4625
lee at datatel.com
www.datatel.com



_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn

More information about the VPN mailing list