SA540 and Cisco IPSec client

Post by Guest » Sat Jul 03, 2010 1:33 am

Hello,

I have a Cisco SA540 running the latest 2.1.18 firmware. This firmware supports the Cisco VPN Client and it works quite well with Apple Mac OS X and iPhone. It seems that as a default, the SA IPSec server provides split tunneling: subnets on the LAN side of the SA are accessed from the client through the IPSec tunnel, and other networks are directly accessed. This behavior is fine for me.

Now, here is my problem. The SA firmware does not seem to support split DNS, i.e. I found no way to give the address of a LAN DNS server to a client connecting through the IPSec tunnel. So a client must know the real IP addresses of the hosts it wants to access on the remote LAN. Please, does anybody know a way to inform an IPSec client of the address of a DNS server running on the private LAN?

In other words, I would like to find a way to do what the following IOS commands in bold do:

...

ip access-list extended mysplitacl
  permit ip 192.168.1.0 0.0.0.255 any

...

crypto isakmp client configuration group myvpngroup
  ...
  dns 192.168.1.x
  domain mylocaldomainname
  acl mysplitacl
  save-password
  split-dns mylocaldomainname
  ...

...

Best regards,

Xavier
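
Added example (not part of the original thread and not Cisco code): a small Python audit of IOS `crypto isakmp client configuration group` blocks like the one quoted above, reporting groups that enable split tunneling (`acl`) without pushing a `dns` server or a `split-dns` domain list, and groups that set `save-password`, which lets clients store the XAUTH password. The sample configuration, its addresses and the names `example.lan` and `nodnsgroup` are constructed for illustration.

```python
import re

# Constructed sample in the shape of the IOS excerpt quoted in the post.
SAMPLE = """\
crypto isakmp client configuration group myvpngroup
 dns 192.168.1.10
 domain example.lan
 acl mysplitacl
 save-password
 split-dns example.lan
!
crypto isakmp client configuration group nodnsgroup
 acl mysplitacl
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)")

def parse_groups(config):
    """Return {group: {keyword: [argument strings]}} for each client group."""
    groups, current = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(1), {})
        elif current is not None and line[:1].isspace() and line.strip():
            keyword, _, args = line.strip().partition(" ")
            current.setdefault(keyword, []).append(args)
        else:
            current = None  # unindented line, blank line or "!" ends the block
    return groups

def audit(config):
    """Return sorted (group, finding) pairs for split-tunnel DNS settings."""
    findings = []
    for name, opts in parse_groups(config).items():
        split_tunnel = "acl" in opts
        if split_tunnel and "dns" not in opts:
            findings.append((name, "split tunnel but no DNS server pushed"))
        if split_tunnel and "dns" in opts and "split-dns" not in opts:
            findings.append((name, "DNS pushed but no split-dns domain list"))
        if "save-password" in opts:
            findings.append((name, "clients may store the XAUTH password"))
    return sorted(findings)

if __name__ == "__main__":
    for group, finding in audit(SAMPLE):
        print(f"{group}: {finding}")
```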


Re:SA540 and Cisco IPSec client

Post by Guest » Sat Jul 03, 2010 1:38 am

Hi Xavier,

Currently (in firmware 2.1.18) the SA500 does not support split DNS for Cisco VPN clients. Though I cannot discuss the feature roadmap, this feature is to be added in the coming releases.

Thanks,

Nitin.


Re:SA540 and Cisco IPSec client

Post by Guest » Sat Jul 03, 2010 2:27 am

Hi Nitin,

I thank you very much for your reply and for the information.

Best regards,

Xavier

