My understanding is that the DNS settings provided by the VPN endpoint are not merged or inserted in the local TCP stack. As a result, no private host names are resolved.
My workaround for this is to do the following:
In the Network settings, start by duplicating your current location (via "Edit Locations..." menu and in the little gear menu, invoke "Duplicate Location" and give it a name like "VPN"). I did that initial step because I want to be able to switch back and forth between a VPN-enabled location and my default normal location. If this is not a concern for you, you can skip that initial step. Personally, I don't want my machine to try (and fail) connecting to the private DNS services when I'm not connected.
Once duplicated, switch to it by selecting it in the list. You should see the same list of services in the left panel. Now click the [+] to create a VPN (Cisco IPSec) like you would do normally. Once you have entered all required settings, you can Apply the changes and Connect. Once connected to your VPN, you can now do the next steps to fix the host name resolution issue.
Select that VPN service in the left panel and click the Advanced... button in the main dialog in order to see the DNS / Proxies settings. Take note of the listed DNS server addresses (they should be displayed with a grey colour). You can now cancel that dialog and select your Ethernet service (or Wi-Fi service). Click Advanced... on this one and go to its DNS tab, take note again of your current network DNS addresses (again in grey colour). Now is the time to enter all these values in that box. Enter first the VPN DNS addresses and then the non-VPN ones. You can re-order the list with drag & drop too. Once done, you close that dialog and Apply the changes again.
You can now start your browser and test a site living on your private network. Your host's name should be resolved now.
One last note: if your private network has many domains (e.g. *.sub1.company.com, *.sub2.company.com), you may need to add them in the Search Domains box (e.g. sub1.company.com). This is done in the same DNS dialog settings.
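The DNS ordering and search-domain steps described above, as an added command-line example that is not part of the original post: it merges the two server lists (VPN first, duplicates dropped), validates each address, and prints the matching `networksetup` commands. The service name "Wi-Fi" and all addresses in the demo call are constructed placeholders, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example, not from the thread. The service name and all addresses in
# the demo call are constructed placeholders. Handles IPv4 addresses only.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Prints VPN servers first, then local ones, dropping duplicates so a server
# listed in both places keeps its earlier (VPN) position.
merge_dns() {
    out=""
    for addr in $1 $2; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        case " $out " in
            *" $addr "*) ;;                      # already listed
            *) out="${out:+$out }$addr" ;;
        esac
    done
    printf '%s\n' "$out"
}

# apply_vpn_dns SERVICE "VPN_DNS..." "LOCAL_DNS..." ["SEARCH_DOMAINS..."]
# Prints the networksetup commands; with DRY_RUN=0 it runs them (needs admin).
apply_vpn_dns() {
    servers=$(merge_dns "$2" "$3") || return 1
    run=echo
    [ "${DRY_RUN:-1}" = 0 ] && run=""
    $run networksetup -setdnsservers "$1" $servers || return 1
    if [ -n "${4:-}" ]; then
        $run networksetup -setsearchdomains "$1" $4 || return 1
    fi
}

# Demo (dry run by default): prints the commands for a service named "Wi-Fi".
apply_vpn_dns "Wi-Fi" "10.0.0.53 10.0.0.54" "192.168.1.1 10.0.0.53" "sub1.company.com"
```

After applying the commands for real, `scutil --dns` shows the resolver order that is actually in effect.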
I wish that Apple replied to these posts.... It is quite discouraging to see that others have the same problem as I, and yet Apple leaves us to our own devices to find solutions.
This is definitely a problem with the Lion version of the VPN client. This functionality worked correctly under Snow Leopard...
drod66's technique worked for me: Duplicate "automatic" location, call it "VPN". Create your VPN config only in the "VPN" location. Define your internal (inside VPN) DNS server IP addresses statically in the VPN location and your ISP's DNS server IP addresses statically in the Automatic location.
Remember, you have to hit "apply" when you switch locations, and if you start the VPN in Automatic, it will bomb off when you switch to VPN.
Baffled why this is still broken in 10.7.3. Believe me, it's a PITA to support corporate VPN users with this breakage.
Is it also broken in non-IPSec clients, like OpenVPN, I wonder?