VPN Tunneling Connection Profiles with Support for Multiple DNS Settings
To ensure remote users are able to perform DNS searches as efficiently or as securely as possible, you can configure the system to allow multiple DNS settings during VPN tunneling sessions, based on a user's role membership.
When the system launches a user's VPN tunneling session, it uses a matching profile based on the user's role membership containing IP address, DNS, and WINS settings.
If you enable split-tunneling, the DNS search order setting allows you to define which DNS setting takes precedence-for example, search for a DNS server on the client's LAN before the system's DNS server, or vice-versa. VPN tunneling makes a backup of the client's DNS settings/search order preference before establishing a connection. After the session terminates, VPN tunneling restores the client to the original DNS settings. If you disable split-tunneling, all DNS requests go to the system's DNS server and your setting for the DNS search order preference does not apply.
After stopping and restarting a DNS client, the client may not pick up the search order of multiple DNS addresses in a timely manner, resulting in an incorrect lookup order when launching VPN tunneling. The rules governing DNS name resolution and failover are complex and often specific to the particular client operating system. You or the end user can attempt to run the ipconfig /registerdns commands from a command window on the client machine. This may reset the search order to the correct order. To understand the search resolution order for DNS servers, refer to the appropriate Microsoft DNS documentation for your operating system platform.
When employing a multi-site cluster of Ivanti Connect Secure devices, the IP pool and DNS settings may be unique to each device residing at a different site. For this reason, the system allows the VPN Tunneling Connection Profile policy to be node-specific. That is, the resource policy enables the client to connect to the same device in the cluster each time a new session is established.