I am adding some more observations. *show ip dns* view O/P doesn't have "DNS View ezvpn-internal-view parameters"
*show ip dns view-list* doesn't have "View-list ezvpn-internal-viewlist" *show ip dns name-list* alone shows the "ip dns name-list" that was pushed from the server. Have anyone tried split dns with EzVPN Useful link: server - http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html#wp1240248 client - http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftezvpnr.html With regards Kings On Fri, Oct 23, 2009 at 12:21 PM, Kingsley Charles < [email protected]> wrote: > Can someone help me on this. How do I verify that the client has got the > split dns strings from the server. "sh crypto ipsec client ezvpn" doesn't > show that. > > I am not able to make split-dns work. > > > > > With regards > Kings > > On Thu, Oct 22, 2009 at 10:15 AM, Kingsley Charles < > [email protected]> wrote: > >> Hi >> >> I am trying out EzVPN with split dns. >> >> On the IOS EzVPN server, the split-dns is "test.com" >> >> crypto isakmp client configuration group mine >> key cisco >> dns 10.20.30.40 >> pool mine >> split-dns test.com >> split-dns www.win2003.com >> >> I have connected IOS router as a client and brought up the tunnel with >> network extension mode. >> >> Now, if I try to ping www.test.com from the EzVPN client (IOS router), it >> sends the DNS request to the internet DNS server (configured with "ip >> name-server"). >> >> But actually, it should have sent the DNS request to "10.20.30.40", the >> DNS server that was sent by the EzVPN server right? >> >> Also I also don't see the split dns list in "sh crypto ipsec client >> ezvpn": >> >> client#sh crypto ipsec client ezvpn >> Easy VPN Remote Phase: 8 >> >> Tunnel name : mine >> Inside interface list: Loopback0 >> Outside interface: FastEthernet0/0 >> Current State: IPSEC_ACTIVE >> Last Event: MTU_CHANGED >> DNS Primary: 10.20.30.40 >> Save Password: Disallowed >> Current EzVPN Peer: 172.16.32.43 >> >> Sorry, I can't share my configuration. But this is straight forward. >> Please share your inputs. >> >> >> With regards >> Kings >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
