Map DNS Servers to Regions

When setting up a VPN profile, you choose the Secure Access region where your data center is located, which determines where the VPN traffic will be routed within the your network. You also choose the DNS servers to resolve DNS requests to internet resources.

Cisco Secure Access allows you to map DNS servers within a VPN profile, essentially directing all your DNS requests through the VPN tunnel to those designated servers, ensuring that your internet traffic is routed through the VPN and utilizing the chosen DNS resolution service.

This topic describes how to set up a VPN profile to map the DNS servers configured within your network to resolve DNS requests so VPN clients can access network resources when connecting over VPN.

Table of Contents

• Prerequisites
• Procedure

Prerequisites

• Full Admin user role. For more information, see Manage Accounts.
• Set up the VPN profile. DNS settings are part of the General settings when setting up VPN profiles. For more information, see Step 1 – General Settings of the VPN profile section.
• When setting up VPN profiles, the DNS Servers setting defaults to Region specified, meaning that the VPN profile uses the DNS specified for the region. This is the default behavior across all regions.
• (Optional) Change the default to Custom specified and map DNS servers to a different server pair for a VPN profile.
• (Optional) Change the default to Custom specified selectively for any region, or map all regions to use the same server pair.

Procedure

The following procedure describes how to map DNS servers configured in regions across your Secure Access organization. DNS settings are part of the General settings when setting up VPN profiles, thus this procedure covers only a subset of the VPN profile set up. For more information, see:

• Add VPN Profiles for the complete VPN profile procedure.
• Step 1 – General Settings for how DNS settings are applied in the VPN profile's general settings.

1. Navigate to Connect > End User Connectivity > Virtual Private Network.

2. For VPN Profiles, click + VPN Profile.

3. Enter a meaningful VPN profile name for this profile.

4. Enter an optional Display name for this profile. This is a customizable and flexible label that is displayed to end-users of the Cisco Secure Client for ease-of-selection when choosing the appropriate profile.

5. Enter the Default Domain.

6. Review the DNS Servers options.

   1. By default, the DNS Servers is set to Region specified, meaning that the VPN profile uses the DNS specified for the region.

      

   2. Click View DNS servers to see the list of DNS servers mapped to regions.

      

   3. (Optional) To choose a DNS pair other than the default regional DNS, click Custom specified, then click Map DNS servers to open an configurable view of all available DNS servers for a VPN profile.

   4. (Optional) Use the DNS Servers drop-downs to map any DNS server changes for a corresponding Region . Click Save to change the DNS settings, or click Cancel to exit.

      

   5. (Optional) To choose one DNS pair for all regions, check Select one DNS server for all the regions.

   6. (Optional) Select a DNS server pair from the available drop-down list to be applied to all regions. Optionally, click + DNS server to configure a new DNS server option. See Manage DNS Servers for more information.

   7. (Optional) Click Save to change the DNS settings, or click Cancel to exit.

Manage DNS Servers < Map DNS Servers to Regions > Manage DDNS Servers