Jump to content
Welcome to our new Citrix community!

Problem with DNS Resolution in VPN Setup

Steven Storp

Recommended Posts

Hi guys,


i am having a problem with the DNS Resolution in my VPN Setup.
The config is this:

  • 2 NS13.1 42.47.nc HA Pair
  • 2 DNS Name Server are configured under Traffic Managment -> DNS -> Name Server
  • Intranet IP Adresse are configured
  • Split Tunnel is ON
  • Intranet Applications are configured for the Virtual Server
  • Net Profil are configured for the Virtual Server

I am connecting through the gateway via Citrix Secure Access Client, everything worksfine and i getting a Intranet IP Adress.

Now i can only access the Intranet Applications via IP Address. DNS Resolution does not work at all(HTTPS/MSTSC/etc.).


What i tryed so far:

  • Ping our DNS Server via the Net Profil Address -> Works fine
  • Checked our DMZ Firewall Config and do a Paket Trace for the Net Profile Address to our DNS Server -> Works fine
  • Checked Drop Packets on our Firewall -> No Packet are Dropped for Net Profile Address.


Does anyone have an Idea what am i missing?


Greeting Steven

Link to comment
Share on other sites

from my understanding this is not full vpn tunnel, since u have enabled split tunnel 

if you want full tunnel then disable split tunnel 


in case you need to split tunnel some traffic using intranet application lets say for example i want the user to go to website xyxyxy.net but using their own home ISP internet, and not my office internet, then i can enable split tunnel and use intranet application and add the website xyxyxyxy.net IPs , so now any user connect to gateway , all her/his traffic going through the tunnel except the one I specified in intranet application, in this scenario i would make sure under gateway > policies > sessions > session profile 

select the profile which has bind to the vserver,  and then network configuration dns virtual server make sure to select your DNS VIP 

Link to comment
Share on other sites

Thank you for the hint. The frist setup was a full VPN and now i switched to Split Tunnel. I edited the Post.

The VPN Profile is bind to AAA Group no to the gateway vserver. Maybe i have to switch that to the vserver?

Do i need an Virtual DNS Server for Split Tunnel? In Carl Stalhood Documenation it says:

"You will find a setting that lets you select a DNS Virtual Server. Or if you don’t select anything, then the tunnel will use the DNS servers configured under Traffic Management > DNS > Name Servers"


So my Network Configruation for the virtual dns server is empty at the moment.


Greetings Steven


Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...