Mar 6, 2011, 06:29 AM   #1
gopherhockey
macrumors regular
 
Join Date: Apr 2010
IPSec VPN - not using DNS server given

I have an IPSec VPN set up into the Cisco VPN at corporate. It logs in just fine and presents me with an IP address and a DNS address.

The problem is, this DNS address (internal to my company) is not used. So for example, if I go to an internal SharePoint site, it finds nothing.

If I take the DNS IP and manually add it as the first entry on my regular Ethernet connection, it works. However, if my computer locks out then it won't authenticate me back (now it's not finding my internal directory server, apparently).

It seems like I'm presented with two routes but the necessary routing to properly use the two is not done correctly. Asked our network guys and they "don't support Macs" of course.

My internal network is 10.2.1.X. My DNS is 10.2.1.3 and 10.2.1.7.

My company wants to give me 10.23.0.12 as the DNS server address.

I'm handed a 10.23.128.10 IP for the corporate VPN. (Note I have this exact same issue when using the VPN from an iPhone or iPad; I have to manually add the DNS server given to the front of my entries.)

Here is a bit of the routing table:


Internet:
Destination     Gateway           Flags   Refs  Use       Netif  Expire
default         10.2.1.51         UGSc    58    0         en0
default         utun0             UCSI    5     0         utun0
5               link#7            UC      2     0         ham0
5.48.226.186    f6:5:6f:f7:4:44   UHLWI   0     2         lo0
5.255.255.255   link#7            UHLWbI  2     123393    ham0
10              10.23.128.10      UGSc    3     11        utun0
10.2.1/24       link#4            UCS     21    0         en0
10.2.1.2        0:15:5d:a:2:d     UHLWI   1     1463074   en0    1188
10.2.1.3        0:15:5d:1:23:3    UHLWI   38    233669    en0    1159
10.2.1.4        0:11:32:7:86:35   UHLWI   2     21271910  en0    676
10.2.1.5        0:11:32:6:b6:60   UHLWI   1     56386399  en0    883
10.2.1.7        0:11:25:f6:4d:3d  UHLWI   0     47090     en0    1144
(a bunch more 10.2 addresses here...)
10.23.128.10    10.23.128.10      UH      6     0         utun0
10.37.129/24    link#9            UC      2     0         vnic1
10.37.129.2     0:1c:42:0:0:9     UHLWI   0     2         lo0
10.37.129.255   link#9            UHLWbI  4     123392    vnic1
10.211.55/24    link#8            UC      2     0         vnic0
10.211.55.2     0:1c:42:0:0:8     UHLWI   0     2         lo0
10.211.55.255   link#8            UHLWbI  2     123392    vnic0
127             127.0.0.1         UCS     0     0         lo0
127.0.0.1       127.0.0.1         UH      4     1964021   lo0
169.254         link#4            UCS     1     0         en0
169.254.9.236   link#4            UHLW    2     35        en0
172.16/12       10.23.128.10      UGSc    0     0         utun0
192.168.0/16    10.23.128.10      UGSc    0     0         utun0
204.89.40.42    10.2.1.51         UGHS    0     0         en0
Mar 7, 2011, 05:36 AM   #2
lifeonthedf
macrumors newbie
 
Join Date: Mar 2011
Location: Oregon
IPSEC VPN - DNS Fix

gopherhockey,

I encountered the same issue.

In order to fix this you need access to the firewall, in my case an ASA5510.

Assuming you have access or can request the change, do the following:

In the ASDM:

Configuration -> Remote Access VPN -> Network (Client) Access -> Group Policies

What I did here was duplicate my current group policy in order to make this specific for mac users.

Once this is done, edit the group policy.

Expand Advanced and select Split Tunneling.

If the DNS Names is checked 'Inherit', uncheck it and specify the domains.

Example:

DNS Names: [ ]Inherit [example.com example2.com example3.com]

Note: domain names can be delimited by space, comma, or semicolon.

Hope this helps you out!

Last edited by lifeonthedf; Mar 7, 2011 at 05:43 AM.
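
To confirm on the Mac that the split-DNS change discussed above took effect, the resolver list from `scutil --dns` can be checked for a per-domain entry pointing at the corporate DNS server. The following is an added example, not code from any poster in this thread. It assumes the usual `resolver #N` stanza layout, uses a simplified model of resolver selection, and the sample output is constructed from the addresses and `example.com` names mentioned in the posts.

```python
# Constructed sample of `scutil --dns` output after the split-DNS change
# (addresses and example.com come from the thread; stanza layout is assumed).
AFTER = """\
resolver #1
  nameserver[0] : 10.2.1.3
  nameserver[1] : 10.2.1.7
  order    : 200000

resolver #2
  domain   : example.com
  nameserver[0] : 10.23.0.12
  order    : 101000
"""
BEFORE = AFTER.split("resolver #2")[0]  # constructed: no per-domain resolver yet


def parse_resolvers(text):
    """Return one dict per 'resolver #N' stanza: domain (or None) and nameservers."""
    resolvers = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("resolver #"):
            resolvers.append({"domain": None, "nameservers": []})
        elif resolvers and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower().rstrip(".")
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value)
    return resolvers


def nameservers_for(host, resolvers):
    """Simplified model: longest matching 'domain' wins, else first default resolver."""
    host = host.lower().rstrip(".")
    matches = [r for r in resolvers if r["domain"]
               and (host == r["domain"] or host.endswith("." + r["domain"]))]
    if matches:
        return max(matches, key=lambda r: len(r["domain"]))["nameservers"]
    defaults = [r for r in resolvers if r["domain"] is None]
    return defaults[0]["nameservers"] if defaults else []


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, nameservers_for("sharepoint.example.com", parse_resolvers(text)))
```

On a real machine, feed the functions the text of `scutil --dns` captured while the VPN is connected instead of the constructed samples.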
Mar 7, 2011, 07:31 PM   #3
gopherhockey
Thread Starter
macrumors regular
 
Join Date: Apr 2010
I'll pass this along to the network team - thanks for the tip, seems to make sense. I'll post up if it works.
Sep 6, 2013, 08:55 AM   #4
amuso
macrumors newbie
 
Join Date: Sep 2013
Thanks for this tip! I've implemented this here on our Cisco firewall and now both iOS and Mac OS users can easily navigate sites with hostnames. You made the day, weekend and month!
Sep 7, 2013, 02:32 AM   #5
art21974
macrumors newbie
 
Join Date: Sep 2013
I thought it was just me!

I ended up taking my laptop to work today to test if it would work there and it did.
When I brought it home, everything worked perfectly.
All times are GMT -5. The time now is 11:46 AM.
Copyright 2002-2013, MacRumors.com, LLC