
DNS Server stops working for LAN Zones after Cisco VPN is established

Hi all,

I've noticed the following issue while giving the Cisco VPN another try with Apple iOS on MR5:

After an IPsec connection is established from the internet which is configured to use the DNS server of the XG, it will work very fast and without any problems.

BUT all clients from the intranet which are configured to use the XG as a DNS server too, won't get any answers from the DNS server anymore. (and no FW logs)

The problem is solved after a restart of the DNS server of the XG, while the first DNS request from the Cisco VPN client will break it again.


I'm using the XG's gateway IP of my first LAN Zone (separate network and vlan) as DNS server for my VPN setup. Exactly the same IPs and networks/ranges are working flawlessly (but slow) with L2TP on my iPhone.

Could this be a serious bug or am I missing something?


Thanks and best regards

DomNik



This thread was automatically locked due to age.
  • Hey DomNik,

    I think you are spot on.

    I was having problems with DNS as well. I called them "unmotivated" because I couldn't identify any pattern. It was introduced with release MR4 and is still persistent in release MR5.


    After your post I did some more tests. And I can confirm, in a reproducible manner, that the DNS server dies immediately if I open a VPN Cisco connection. A restart of the DNS service brings it back, until I again start a VPN Cisco connection.


    I guess that's something the Sophos team should look at. Rolling back to MR3 for the sake of peace at home ;)

    Cheers

    Norbert

  • A little addition to my notes:


    1) DNS continues to work for VPN. Meaning, I can still address xyz.com from the connected VPN Cisco client, but I can't from any LAN client, including the XG appliance itself, e.g. for pattern updates.

    2) A restart of the DNS does not work if the VPN Cisco client is still connected.
