From: Richard Dumoulin (Richard.Dumoulin@vanco.fr)
Date: Wed Jun 29 2005 - 22:39:41 GMT-3
I have seen it work as you describe and also as I said depending on the
client version. There is a bug that explains this
http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_release_note09186a00802d1eb7.html#wp1371781
 
Thx
 
-- Richard
 
-----Original Message-----
From: Christopher M. Heffner [mailto:cheffner@certified-labs.com] 
Sent: Thursday, June 30, 2005 3:05 AM
To: Richard Dumoulin; ccielab@groupstudy.com
Subject: RE: split dns
 
I see what you mean by the default value of the split-dns saying that all
dns queries would go to the public dns server by default.
 
I would have to set this up but I believe that if you set up the dns server
value as part of the mode configuration then the dns server ip address via
the vpn tunnel should send all dns queries via the tunnel.
 
Can anyone verify this in a quick setup test?
 
If not I will test over the weekend if someone else does not verify the
answer sooner.
 
Later.
 
 
Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
VP of Internetworking Technologies
 
www.certified-labs.com
 
"Complete CCIE R&S and Security Online Rack Rentals"
 
  _____  
From: Richard Dumoulin [mailto:Richard.Dumoulin@vanco.fr] 
Sent: Wednesday, June 29, 2005 8:57 PM
To: Christopher M. Heffner; ccielab@groupstudy.com
Subject: RE: split dns
 
I know but look:
 
Defaults
All domain names are resolved via the public DNS server.
 
In the following link:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087d1e.html#wp1138749
 
-- Richard
 
-----Original Message-----
From: Christopher M. Heffner [mailto:cheffner@certified-labs.com] 
Sent: Thursday, June 30, 2005 2:19 AM
To: Richard Dumoulin; ccielab@groupstudy.com
Subject: RE: split dns
 
 
Step 5
dns primary-server secondary-server
Example:
Router (config-isakmp-group)# dns 10.2.2.2 10.3.3.3
(Optional) Specifies the primary and secondary DNS servers for the group.

Step 10
split-dns domain-name
Example:
Router (config-isakmp-group)# split-dns green.com
Specifies a domain name that must be tunneled or resolved to the private
network.
 
 
Here is the syntax and explanation in the Cisco IOS configuration guide for
split-dns configuration.
 
HTH,
 
Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
VP of Internetworking Technologies
 
www.certified-labs.com
 
"Complete CCIE R&S and Security Online Rack Rentals"
 
  _____  
From: Richard Dumoulin [mailto:Richard.Dumoulin@vanco.fr] 
Sent: Wednesday, June 29, 2005 8:04 PM
To: Christopher M. Heffner; ccielab@groupstudy.com
Subject: RE: split dns
 
Christopher thx for the reply. The doc says that by default the dns queries
go through the Internet, 
-- Richard 
-----Original Message----- 
From: Christopher M. Heffner [mailto:cheffner@certified-labs.com]
Sent: Thursday, June 30, 2005 1:56 AM 
To: Richard Dumoulin; ccielab@groupstudy.com 
Subject: RE: split dns 
Set up the Easy VPN Server to pass the DNS parameter via the mode
configuration phase 1 message.
Once the client has the DNS server ip address then by default all DNS
queries will go only to that server.
The fun part is when you want only certain dns queries to go to the
corporate dns server via the vpn tunnel and then the remaining dns
queries to go to the ISP.
In this case you then need to set up the split-dns rule for which domain
and/or sub-domains for the dns queries should go to the VPN DNS server.
HTH, 
Christopher M. Heffner, CCIE 8211, CCSI 98760 
Strategic Network Solutions, Inc. 
VP of Internetworking Technologies 
www.certified-labs.com 
"Complete CCIE R&S and Security Online Rack Rentals" 
 
-----Original Message----- 
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Richard Dumoulin
Sent: Wednesday, June 29, 2005 4:42 PM 
To: ccielab@groupstudy.com 
Subject: split dns 
Does anyone know how to make a VPN client send its DNS requests only via the
IPSec tunnel in an Easy VPN environment?
  
Thx 
  
-- Richard 
  
  
 
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:46 GMT-3
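
The two group-level commands quoted in this thread, shown together in one Easy VPN server group as an added example (not configuration posted by anyone in the thread). The group name, pool name, pool address range and key placeholder are hypothetical, and the rest of the Easy VPN server configuration is assumed to be in place.

```cisco
! Constructed example. VPNGROUP, VPNPOOL, the 10.9.9.x range and the key
! placeholder are hypothetical; the dns and split-dns values are the ones
! quoted from the configuration guide in the thread.
ip local pool VPNPOOL 10.9.9.1 10.9.9.50
!
crypto isakmp client configuration group VPNGROUP
 key <pre-shared-key-placeholder>
 pool VPNPOOL
 ! Step 5 of the guide: primary and secondary DNS servers for the group,
 ! delivered to the client during mode configuration.
 dns 10.2.2.2 10.3.3.3
 ! Step 10 of the guide: domain name that must be tunneled or resolved
 ! to the private network.
 split-dns green.com
```

Given the client-version dependence reported in the thread, confirm on a connected client which resolver actually answers, for example by running nslookup for a green.com name and for an unrelated public name and comparing the server shown in each reply.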