You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Cisco IPSec DNS problem

Hi,


MacBook Air

OS X 10.6.7


I created VPN connection.


Interface : VPN

VPN Type : Cisco IPSec


I'm connecting without problem.


Problem is that DNS query doesn't work for internal hosts.

I can't access computers via VPN connection by FQDN or hostnames only via computer IP.


I checked VPN connection and DNS servers are added but it look like that mac don't use it.


Is this bug or I'm doing something wrong?

Is there some update or fix to solve this problem?


Regards,

Darko Bazulj

MacBook Air, Mac OS X (10.6.7)

Posted on May 21, 2011 9:11 AM

Reply
8 replies

May 21, 2011 10:27 AM in response to Zveky

It would be helpful to get the verion of the Cisco VPN software. That said, read this it may help. It describes the DNS challenge with split tunneling and recommends the fix:


"To avoid this problem, remove the ISP-assigned DNS server from the range of the Split Tunneling Network List, or do not configure split DNS. "


Full release notes found here.

Release Notes for VPN Client for Mac OS X, Release 4.9

DNS Server on Private Network with Split DNS Causes Problems

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client4 9/release/notes/49client.html#wp1371781

May 21, 2011 12:25 PM in response to Zveky

Sorry for my misunderstanding.


It appears the only solution is to manually add the DNS entries for the machines you desire to connect to via VPN to your local hosts file.


Check out this post.

https://discussions.apple.com/thread/2163308?start=0&tstart=0


Here's how to edit the hosts file.

http://www.seanlabrie.com/2010/how-to-edit-the-hosts-file-on-a-mac/


If you edit your hosts file locally be sure to back it up before editing in case you fat finger something :-).

May 22, 2011 8:39 AM in response to enough-with-the-marketing

Hi,


thanks for answer.


but that is not very good workaround especially I need access to multiple machines.

So I added VPN DNS servers on my WiFi adapter in front of local DNS server.


And now everrything is working as expected.


But this is then a bug!


Does Apple support monitor this comunity because now I see that many people reported this problem but I didn't find any response from support with their suported workaround or fix.


I'm new in Mac world 🙂 (week 1)


How to report problem and expect that Apple support will answer?

I ask this because I reported some problems about windows on news groups and Microsoft responded with answer.


Also does Apple have something as Technet or MSDN?

http://technet.microsoft.com

http://msdn.microsoft.com

Dec 10, 2014 3:30 AM in response to Zveky

Try this as a workaround and it works for me.


The workaround I have used for this issue is by creating a resolver for the
domain

Example: Using blah.com as the internal domain which should be resolvable
from over the VPN connection:

mkdir /etc/resolver
touch /etc/resolver/blah.com

The contents of /etc/resolver/blah.com would be something like this:

# begin /etc/resolver/blah.com
nameserver IP_ADDRESS_PRIMARY_NAMESERVER
nameserver IP_ADDRESS_OF_SECONDARY_NAMESERVER
# end /etc/resolver/blah.com

Credit - https://groups.google.com/forum/#!topic/macenterprise/I_Zy_0YXbmY

Cisco IPSec DNS problem

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.