I've got a Windows Server 2008 R2 AD server that handles DNS for my network.
From the main LAN, DNS works fine. However, when you connect remotely from the VPN, DNS returns internal resources successfully, but external links (i.e. www.google.com) time out.
Is there a setting I'm missing?
It turned out to be an issue with the VPN Configuration on our ASA.
I had to remove the line:
which was causing the ASA to block requests to our internal DNS servers that were not for our domain. We aren't split tunneling; this must have been a remnant from when we were still using split-tunnel.
Thanks!
On the properties of your VPN connection on your workstation, ensure that the DNS servers are left blank. The VPN connection will inherit these properties (and things like DNS search suffixes) from the VPN server. That way your workstation will use the DNS servers it normally uses when not connected to the VPN to resolve external DNS queries, and yet still be able to resolve internal names too.
When you do an nslookup on the VPN client, does the DNS return the correct record for internal and external resources? It's hard to tell if it's a DNS or routing issue based on your description.
If nslookup returns the correct records (which it should) but you can only access internal resources, it's a routing issue. I'm guessing it's this same routing issue: you've probably configured your VPN client so that all network requests must tunnel through your internet connection, and the VPN segment doesn't have access to the internet, either through an ACL or a specific routing issue.
We use a split tunnel, which works well. Internal DNS servers still provide name resolution, but traffic bound for the internal network goes over the VPN, whereas external traffic goes out the client's internet connection.
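The nslookup-versus-reachability triage suggested in the answer above, as an added example script that is not part of this thread; it separates the "DNS queries for other domains are being dropped on the VPN path" outcome (the ASA case in the accepted answer) from a plain routing problem. The internal hostname, DNS server address and public probe IP are assumptions and can be overridden through environment variables.

```shell
#!/bin/sh
# VPN DNS-vs-routing triage (added example; not from the original thread).
# Hostnames, the DNS server and the probe IP are assumptions; override via env.
INTERNAL_NAME="${INTERNAL_NAME:-dc01.corp.example}"   # assumed internal host
EXTERNAL_NAME="${EXTERNAL_NAME:-www.google.com}"      # external name from the question
DNS_SERVER="${DNS_SERVER:-10.0.0.10}"                 # assumed internal AD/DNS server
EXTERNAL_PROBE_IP="${EXTERNAL_PROBE_IP:-8.8.8.8}"     # assumed public IP, probed by address only

# Print the first answer address from nslookup output on stdin, or nothing on
# NXDOMAIN/timeout. The server's own "Address:" line precedes "Name:", so it is skipped.
parse_nslookup() {
    awk '/^Name:/ { found = 1; next } found && /^Address/ { print $2; exit }'
}

# Query NAME against SERVER explicitly, so the result reflects the internal DNS server.
resolve() {
    nslookup -timeout=3 "$1" "$2" 2>/dev/null | parse_nslookup
}

# TCP reachability to HOST:PORT by address, so no DNS is involved (0 = reachable).
tcp_reach() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# Decide which diagnosis applies. Arguments are yes/no flags:
#   dns_int dns_ext reach_int reach_ext
classify() {
    if [ "$1" = no ]; then
        echo "dns-unreachable: internal names do not resolve, so the client is not reaching the internal DNS server at all (VPN DNS settings or ACL)"
    elif [ "$2" = no ]; then
        echo "dns-filtered: internal names resolve but external queries fail, so the VPN path is dropping queries for other domains (the ASA case above)"
    elif [ "$4" = no ]; then
        echo "routing: everything resolves but external hosts are unreachable by IP; check tunnel routes and split-tunnel ACLs"
    elif [ "$3" = no ]; then
        echo "routing-internal: everything resolves but internal hosts are unreachable; check routes for the internal subnets"
    else
        echo "ok: DNS and routing both work over the VPN"
    fi
}

main() {
    int_ip=$(resolve "$INTERNAL_NAME" "$DNS_SERVER")
    ext_ip=$(resolve "$EXTERNAL_NAME" "$DNS_SERVER")
    dns_int=no; [ -n "$int_ip" ] && dns_int=yes
    dns_ext=no; [ -n "$ext_ip" ] && dns_ext=yes
    reach_int=no; [ -n "$int_ip" ] && tcp_reach "$int_ip" 445 && reach_int=yes   # 445: SMB on a DC
    reach_ext=no; tcp_reach "$EXTERNAL_PROBE_IP" 443 && reach_ext=yes
    echo "internal=$int_ip external=$ext_ip dns_int=$dns_int dns_ext=$dns_ext reach_int=$reach_int reach_ext=$reach_ext"
    classify "$dns_int" "$dns_ext" "$reach_int" "$reach_ext"
}

# Only probe the network when asked; otherwise the file just defines the functions.
if [ "${1:-}" = "--live" ]; then main; fi
```

Run it on the connected VPN client as `sh vpn_dns_triage.sh --live`; the first output line shows the raw observations and the second the verdict.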