Anyone has experience with Cisco VPN?

> Our organization uses Cisco VPN, and I notice that when the VPN is
> connected, my DNS server no longer seems to work. I can connect to
> other places via IP numbers, but not via domain names. It's like there
> is no domain name server.
>

This sounds like a misconfiguration in your company's VPN server. I use
Cisco's VPN server all the time (in fact I'm connected now), and don't
have any DNS problems.

> Is there anyway I can configure Cisco VPN not to scarf all network
> traffic? That way, I can still browse, receive emails, and ftp to
> machines without having to disconnect and reconnect the VPN
> connection.

If things are configured correctly, you should be able to do all that
anyways. But to do split tunneling, modify the connection entry you're
using, click the Transport tab, and check Allow Local LAN Access.

Also, I'd recommend getting Shimo (visit Versiontracker or MacUpdate).
It still uses the Cisco VPN drivers so it won't help with your DNS
issue, but it puts a much nicer interface on the VPN.

Brian

On Sat, Mar 15, 2008 at 8:50 AM, Brian L. Matthews <blmatthewsgmail.com> wrote:
> This sounds like a misconfiguration in your company's VPN server. I use
> Cisco's VPN server all the time (in fact I'm connected now), and don't
> have any DNS problems.

I am positive it's a configuration issue on their side. I don't have
much confidence in our IT department. Maybe they're just over
burdened, but they seem to have trouble with all sorts of network
setup.

> But to do split tunneling, modify the connection entry you're
> using, click the Transport tab, and check Allow Local LAN Access.

Already did that. Drats.

> Also, I'd recommend getting Shimo (visit Versiontracker or MacUpdate).
> It still uses the Cisco VPN drivers so it won't help with your DNS
> issue, but it puts a much nicer interface on the VPN.

I'll have to give it a try. I have a feeling that there is more VPN
settings than the Cisco GUI is giving me. I know there is a command
line version of the tool, but I can't find any information about that
(not even the name of the command).

--
David Weintraub
qazwartgmail.com

On 16/03/08 11:20, "David Weintraub" <qazwartgmail.com> wrote:

>> But to do split tunneling, modify the connection entry you're
>> using, click the Transport tab, and check Allow Local LAN Access.
>
> Already did that. Drats.

Split tunneling has to be configured on the VPN server too. That's often
considered a security risk, though.

-Thomas

If your company is using a VPN to protect their network, they should turn split tunneling off. It is a security risk. It would allow a hacker to come in through your computer into their network.

If you have statically configured your DNS server, perhaps it is not being overwritten by vpn client.

Configured a VPN system to support mac, windows, and linux is a pain in the neck... and I'm a sr. network engineer

Funny thing is after I installed Shimo, I no longer have problems with
the VPN's DNS not working. Maybe they fixed the issue at my work. Or
maybe it was a change I made in the VPN setup. I added their DNS to
the IP addresses to the "Backup Server" configuration. Or, maybe it's
the way Shimo handles the DNS setup.

Shimo seems to intercept when I just use Cisco's VPN client, so I
would have to uninstall Shimo to see if the effects are caused by
Shimo or changes in my environment.

--
David Weintraub
qazwartgmail.com

David,

It's a sleep problem with Leopard. Ensure that you have the latest
version of the VPN and turn off sleep. You should have no further
problems. I haven't. I have no idea why this happens and no way of
investigating. It doesn't happen when the monitor is sleeping, only
when the cpu is.

Regards,

Lesley Vita

We're using a Cisco ASA for our VPN. Configuring it to support linux, mac & win was pretty easy (in fact, nothing in particular was required on the appliance side, and just downloading the installers & copying the profile from a manual setup to the installers is all that was required for client side setup). I'm just a converted webmaster/unix sysadmin/dba turned security guy. Cisco is not without its issues, but it does support the major O/Ss and isn't horrible to set up in our configuration. Now, if there are complex network requirements, I can see setup getting bad.

I'm guessing that the DNS change is what did it for you. Try taking out that 'back up' entry and see if it goes back to

The tech people made the fix by allowing the DNS server to work with
the VPN network. Originally, the DNS was setup, so it would only serve
computers directly located on their network. They changed it so it
will now work with systems on the VPN network.

--
David Weintraub
qazwartgmail.com