
SA540 and Cisco IPSec client

Linksys, Netgear, SonicWall, etc. Web-based configurations for firewalls. Web filtering, traffic shaping.


Post by Guest » Sat Jul 03, 2010 12:33 am

Hello,

 

I have a Cisco SA540 running the latest 2.1.18 firmware. This firmware supports the Cisco VPN Client and it works quite well with Apple Mac OS X and iPhone. It seems that as a default, the SA IPSec server provides split tunneling: subnets on the LAN side of the SA are accessed from the client through the IPSec tunnel, and other networks are directly accessed. This behavior is fine for me.

 

Now, here is my problem. The SA firmware does not seem to support split DNS, i.e. I found no way to give the address of a LAN DNS server to a client connecting through the IPSec tunnel. So a client must know the real IP addresses of the hosts it wants to access on the remote LAN. Please, does anybody know a way to inform an IPSec client of the address of a DNS server running on the private LAN?

 

In other words, I would like to find a way to do what the following IOS commands in bold do:

 

...

ip access-list extended mysplitacl
  permit ip 192.168.1.0 0.0.0.255 any

...

crypto isakmp client configuration group myvpngroup
  ...
  dns 192.168.1.x
  domain mylocaldomainname
  acl mysplitacl
  save-password
  split-dns mylocaldomainname
  ...

...

 

Best regards,

Xavier

Guest
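Added example (not part of the original post, and not Cisco client code): a small Python model of what the IOS group settings quoted above ask a VPN client to do, showing which destinations enter the tunnel and which names go to the LAN resolver. The function names, the `split_dns_supported` switch and the test hostnames are assumptions for illustration; the elided `192.168.1.x` is kept as an opaque label.

```python
import ipaddress

# Settings copied from the IOS snippet in the post; "192.168.1.x" is elided
# there, so it is kept as an opaque label rather than a real address.
IOS_CONFIG = """\
ip access-list extended mysplitacl
  permit ip 192.168.1.0 0.0.0.255 any
crypto isakmp client configuration group myvpngroup
  dns 192.168.1.x
  domain mylocaldomainname
  acl mysplitacl
  split-dns mylocaldomainname
"""

def parse_group(text):
    """Collect split-tunnel networks, the pushed DNS server and split-DNS domains."""
    acls, group, current_acl = {}, {"split_dns": []}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:3] == ["ip", "access-list", "extended"]:
            current_acl = words[3]
            acls[current_acl] = []
        elif words[:2] == ["permit", "ip"] and current_acl:
            # IOS ACLs use wildcard masks (inverted netmask): 0.0.0.255 == /24
            acls[current_acl].append(ipaddress.ip_network(f"{words[2]}/{words[3]}"))
        elif words[0] == "dns":
            group["dns"] = words[1]
        elif words[0] == "acl":
            group["acl"] = words[1]
        elif words[0] == "split-dns":
            group["split_dns"].append(words[1].lower())
    group["networks"] = acls.get(group.get("acl"), [])
    return group

def route_for(group, dest_ip):
    """Split tunneling: only destinations matched by the ACL enter the tunnel."""
    addr = ipaddress.ip_address(dest_ip)
    return "tunnel" if any(addr in n for n in group["networks"]) else "direct"

def resolver_for(group, hostname, split_dns_supported=True):
    """Split DNS: names under a listed domain go to the pushed LAN resolver."""
    name = hostname.rstrip(".").lower()
    inside = any(name == d or name.endswith("." + d) for d in group["split_dns"])
    if split_dns_supported and inside and "dns" in group:
        return group["dns"]
    # Outside names, or a gateway that pushes no split-DNS settings at all
    return "client-default"
```

With `split_dns_supported=False` the model reproduces the situation described in the post: LAN hosts are reachable through the tunnel by IP address, but their names are still sent to the client's own resolver.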
 


Re:SA540 and Cisco IPSec client

Post by Guest » Sat Jul 03, 2010 12:38 am

Hi Xavier,

 

Currently (in firmware 2.1.18) SA500 does not support split DNS for Cisco VPN clients. Though I cannot discuss the feature roadmap, this feature is to be added in the coming releases.

 

Thanks,

Nitin.

Guest
 

Re:SA540 and Cisco IPSec client

Post by Guest » Sat Jul 03, 2010 1:27 am

Hi Nitin,

 

I thank you very much for your reply and for the information.

 

Best regards,

Xavier

Guest
 


