Cisco – Wireless Windows client keeps using previous DNS server after getting on Cisco VPN

cisco vpn wifi windows-xp

We have Windows XP SP2 clients running the Cisco VPN 3000 client (3030) on wireless connections. When off the VPN, the clients get their DNS servers from DHCP (they are definitely not statically configured). In some cases, the clients continue trying to talk to this DNS server even after they get on the VPN, even though the VPN concentrator is giving out different DNS server addresses.

Has anyone seen this?

Thanks

Best Answer

It is possible that the DNS server settings that your VPN concentrator is giving out are not covered by the split tunnel networks that GregD mentions. If your VPN DHCP scope gives out DNS servers and these are NOT covered by the split tunnel networks, the client will try to reach the DNS servers over its default gateway, which will be the local router they are connected to.

I have to disagree with the statement that the full VPN is more secure - you don't really want your web browsing traffic being routed across the corporate WAN over the VPN, particularly if the client is not managed by the company and you have no control over AV, patching, etc. - you could be transmitting all sorts of bad stuff onto your corporate network.
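
The coverage check described in the first paragraph of this answer, as an added example that is not part of the original answer: it models a split-tunnel client's routing table and reports which pushed DNS servers would leave via the local default gateway instead of the tunnel. The function names, interface labels and all addresses are constructed for illustration, and route metrics are ignored (longest prefix wins).

```python
import ipaddress

def egress_for(dest, routes):
    """Longest-prefix match: return the (network, interface) chosen for dest."""
    ip = ipaddress.ip_address(dest)
    candidates = [(net, ifc) for net, ifc in routes if ip in net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)

def audit_dns(dns_servers, split_tunnel_nets, vpn_if="vpn", local_if="wlan"):
    """Map each VPN-assigned DNS server to the interface its queries would use."""
    # Split tunnelling: the default route stays on the local (wireless) gateway,
    # only the listed networks are routed into the tunnel.
    routes = [(ipaddress.ip_network("0.0.0.0/0"), local_if)]
    routes += [(ipaddress.ip_network(n), vpn_if) for n in split_tunnel_nets]
    report = {}
    for dns in dns_servers:
        net, ifc = egress_for(dns, routes)
        report[dns] = {"interface": ifc, "route": str(net), "covered": ifc == vpn_if}
    return report

def uncovered(dns_servers, split_tunnel_nets):
    """DNS servers that are NOT inside any split-tunnel network."""
    report = audit_dns(dns_servers, split_tunnel_nets)
    return [dns for dns, info in report.items() if not info["covered"]]

# Constructed sample configuration (not taken from the question).
SPLIT_TUNNEL_NETS = ["10.10.0.0/16", "192.168.50.0/24"]
VPN_DNS_SERVERS = ["10.10.1.53", "172.16.5.53"]

if __name__ == "__main__":
    for dns, info in audit_dns(VPN_DNS_SERVERS, SPLIT_TUNNEL_NETS).items():
        state = "via tunnel" if info["covered"] else "via LOCAL gateway"
        print(f"{dns:15} {state:18} (route {info['route']})")
    print("Add to split tunnel list:", uncovered(VPN_DNS_SERVERS, SPLIT_TUNNEL_NETS))
```

Any server reported as uncovered needs its address or subnet added to the split tunnel network list before clients can reach it through the VPN.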