Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
5
Helpful
1
Replies

anyconnect with google dns

junsung kim
Level 1
Level 1

‎04-18-2020 11:49 AM

Hi everyone.

If I set DNS value 8.8.8.8 in the group policy

A DNS query goes to a tunnel.

I hope that the DNS query goes to the internet directly.

But I don't know how to do it.

 

thank you in advance

best regards

Labels:
0 Helpful
1 Reply 1

Sheraz.Salim
VIP
VIP

‎04-18-2020 11:59 AM - edited ‎04-18-2020 12:00 PM

if you set up a DNS entry 8.8.8.8 in group-policy and when you connect from end client (using anyconnect) once the anyconnet is authenticate it will download the routing table as defined in split-tunnel and also download the DNS entry ip address. therefore in your case the request will come to the ASA inside tunnel (anyconnect).

 

now if you want to test this. here

To capture tunnel interface traffic you have to run following command on cmd of windows system. The cmd should be open using administrator privilege.

net stop npf
net start npf

a1.PNGa2.PNG

now doing a wireshak cap you can see if your DNS request is going into anyconnect tunnel to your firewall.

please do not forget to rate.
Customers Also Viewed These Support Documents