ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Cisco Anyconnect nslookup Issue

    IT Discussion
    cisco any connect
    3
    6
    4.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sreekumarpg
      last edited by

      Hi All,

      We are using cisco anyconnect VPN for connecting to corporate network . Currently we are facing an issue with nslookup while in any connect VPN. The issue is that we can get the ip address using internal DNS when we are connected to LAN and while in anyconnect VPN we are not able.

      The output of nslookup while in any connect which use our internal DNS


      C:\Users$reeKumar>nslookup google.com
      Server: skovads1.mydomainname.net
      Address: 10.10.4.1

      *** skovads1.mydomainname.net can't find google.com: Non-existent domain

      The output of nslookup while in corporate workstation which use our internal DNS


      C:\Users$reeKumar>nslookup google.com 8.8.8
      Server: skovads1.mydomainname.net
      Address: 10.10.4.1

      Non-authoritative answer:
      Name: google.com
      Addresses: 2404:6800:4007:801::1008
      74.125.236.40
      74.125.236.39
      74.125.236.36

      **Second Issue ⭐ **

      From any connect VPN

      C:\Users$reeKumar>nslookup xxx.mydomainname.net
      Server: skovads1.mydomainname.net
      Address: 10.10.4.1

      Name: sadcpv1.mydomainname.net
      Address: 10.8.3.1
      Aliases: xxx.mydomainname.net

      C:\Users$reeKumar>nslookup xxx.mydomainname.net 4.2.2.2
      Server: UnKnown
      Address: 4.2.2.2

      *** UnKnown can't find xxx.mydomainname.net: Non-existent domain

      From Workstation in LAN


      C:\Users$reeKumar>nslookup xxx.mydomainname.net
      Server: skovads1.mydomainname.net
      Address: 10.10.4.1

      Name: sadcpv1.mydomainname.net
      Address: 10.8.3.1
      Aliases: xxx.mydomainname.net

      C:\Users$reeKumar>nslookup xxx.mydomainname.net 4.2.2.2
      Server: b.resolvers.Level3.net
      Address: 4.2.2.2

      Non-authoritative answer:
      Name: xxx.mydomainname.net
      Address: 186.58.80.43

      Any thoughts 😕

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by

        Are you using split tunneling or full tunneling?

        What is the VPN server? are you pushing out the DNS server(s) to the clients?

        1 Reply Last reply Reply Quote 0
        • S
          sreekumarpg
          last edited by

          We are using split tunnel , Cisco ASA 5510 is the VPN box

          T 1 Reply Last reply Reply Quote 0
          • T
            thanksajdotcom @sreekumarpg
            last edited by

            @sreekumarpg said:

            We are using split tunnel , Cisco ASA 5510 is the VPN box

            Check the DNS settings being handed out to VPN clients?

            1 Reply Last reply Reply Quote -1
            • S
              sreekumarpg
              last edited by

              Thanks all.

              It was a miss configuration in Remote Access VPN Group Policy.

              I have added local DNS and external DNS (google DNS) in the group policy DNS Server , then Inherit the DNS names in Split Tunneling and disable send all DNS lookups through Tunnel .

              Now the nslookup work like charm in any connect vpn 😃

              T 1 Reply Last reply Reply Quote 2
              • T
                thanksajdotcom @sreekumarpg
                last edited by

                @sreekumarpg said:

                Thanks all.

                It was a miss configuration in Remote Access VPN Group Policy.

                I have added local DNS and external DNS (google DNS) in the group policy DNS Server , then Inherit the DNS names in Split Tunneling and disable send all DNS lookups through Tunnel .

                Now the nslookup work like charm in any connect vpn 😃

                Glad it was fixed!

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post