I believe I know the answer to this question but I'm hopeful there is an easier method to address this. I've got a new MX100 implementation with Client VPN configured. Users are able to authenticate and access the network just fine via Client VPN. The issue is that Windows Users are not using the internally defined DNS server as their preferred DNS server. In other words, when they attempt to resolve a corporate hostname, their local ethernet adapter's DNS server is being used rather than the VPN adapters DNS servers. Is the only way to address this by changing the network adapters metric so that the VPN adapter is preferred?
Note: this is NOT an issue with the DNS suffix. Also note that on MacOS this is a non-issue. On Mac's it automatically prefers the the VPN adapter's DNS servers. Thanks in advance!
I can't say I have had that issue.
If Windows 10 user connects and you run "nslookup", does it say it is using the VPN or Ethernet adaptors DNS server?
@ClaytonMeyer have you tried changing the network adaptors priority? If you put VPN at the top all traffic should then pass through the VPN including DNS
Connor here from Meraki Support. Try changing the adaptor metric in the settings pane also. You can get to it by navigating to:
Control Panel > Network and Sharing Centre > Change Adapter Settings > *right click the WAN Miniport adapter for the VPN* > Properties > Networking > IPv4 > Properties > Advanced > *untick Automatic Metric* and set it to 1
The screenshot is from Windows 7 (throwback) but it's the same method for Windows 10. This usually gets around Windows wanting to use the Ethernet/WLAN adapter's DNS settings, like you said for macOS ticking "Use VPN for all traffic" (not exact quote) also solves this.
All the best!
Network Support Engineer
.:|:.:|:. Cisco Meraki
Thank you both! I suspect that will fix it. I was hoping for another method that didn’t require touching all of the workstations though. I’ll post a follow up after testing.
Thanks again all for the replies. I advised the MX100 admin of the NIC changes but haven't heard back yet. I'll have to wait & see what they say. Hoping for a Meraki/Anyconnect like client in the near future that will address some of these issues going forward.