cisco vpn 3005 and split tunneling

[ttnnee]

I have a cisco 3005 concentrator that remote clients are connecting to. I want them to be able to use their own ISP for their internet browsing and use the vpn tunnel to access network resources. When I enabled split tunneling it allowed them to access the network resources but they can not browse the internet. The reason why is because the DNS server settings for our private network overide the dns settings from their ISP (they get these DNS and WINS settings from the group configured on the VPN). The only way they can surf the net and get access to our resources is to manually enter their DNS settings from their ISP after they connect to our network via vpn. This creates another problem because most remote users use dhcp from their ISP to get there ip settings, so they are not going to be able to manually enter the dns ip address. Is there any way to prevent their ISP dns settings from being erased when connecting to the vpn tunnel?

 

[franklin1232]

I don't know if you can keep DNS settings, but if a ISP uses DHCP you still can assign DNS server. The connection IP will still use DHCP, but you can specify DNS IPS.

I don't think that work though. I used the same Cisco box and could only give internet access through the office network. At the time we didn't have internal DNS so it worked. Since the office network didn't assign DNS it use the ISP assigned ones, but if you configure forwarders on your DNS server then it should pass your requests to it's configured DNS servers. The DNS server should never point back to itself so you could use the Office ISP's DNS server.

This keeps your DNS server clean by not storing tons of domain information.