VMware Communities
pfruth
Enthusiast
Enthusiast
‎04-21-2022 08:54 PM

CISCO AnyConnect / VMWare NAT / DNS problem in guest when host is connected to VPN (cont)

CISCO AnyConnect / VMWare NAT / DNS problem in guest when host is connected to VPN
 

My problem is very similar to problem reported in this old thread with some small variations in configuration.
I did not see any solution in that thread.  And have not found a "VMWare" solution since then.

Configuration

Windows 10 Enterprise Host [21H2]
VMWare Workstation Pro 15.5.7
CISCO AnyConnect V4.10.01075
- IP4 ... Split Include
- IP6 ... disabled
Windows 10 [1909] Guest with vmnet8 / NAT (dhcp address assigned)

Problem

When the host is connected to the VPN, DNS resolution in the guest does not work.  The Cisco AnyConnect VPN restricts/blocks any host network traffic on port 53.

Bridged networking is also not desirable; company network only allows one MAC per physical port when on site.

 

However, I have found a solution to this challenge using Oracle VirtualBox.
I'm wondering if VMWare has an equivalent solution for VMWare Workstation Pro.
With VirtualBox, it is possible to configure the a Virtual Machine's virtual NIC  NAT attachment to use the host operating system DNS resolver APIs, rather than direct network communication to a DNS server over port 53.

With the VirtualBox CLI command;

 

VBoxManage modifyvm VM-name --natdnshostresolver1 on

 

This resolves the problem of DNS resolution failures inside the VirtualBox virtual machine guest when the Cisco AnyConnect VPN is active on the host.

 

Does VMware have a similar technique to resolve this problem in a VMware virtual machine guest?
Else, I'll be switching to VirtualBox.

1 Reply
CarltonR
Hot Shot
Hot Shot
‎04-22-2022 04:30 AM

This would suggest that your Win 10 Guest does not have the relevant pointers/route to the VPNs DNS.  The command you used for the VirtualBox does just that. "Does VMware have a similar [post command] technique" answer No, this normally occurs when setting up the Guest, any issues encountered have to be corrected manually, but oddly I've not found any issues, or had to modify anything, to have the Guests on my VMware Workstation setup using the hosts VPN.

As such, I would suggest that you review:

- [Guest] ipconfig /displaydns output to ensure that the DNS is correct for the setup (as this list could be quite long, so would suggest piping it to a text file)

- [Guest] ipconfig /all output to ensure that the DNS is correct for the setup

- [Guest] Check the Windows IPv4 network properties to make sure they're set to DHCP for both the IP and DNS.

- [Guest] check the 'networks' file (%SYSTEMROOT%\System32\drivers\etc).for relevant entries

- [Guest] check the 'hosts' file (\Windows\System32\drivers\etc).for relevant entries

If all appears in order than would suggest manually adding the VPNs DNS entries to the Guest (you could use the same ones associated with the VPN, that were added to the VirtualBox Guest).

You might also like to review this forum entry 'VMware Workstation 16 Pro Guest can't connect over host VPN' . . . although its for a different Guest OS, it's basically the same thing as you're seeing

0 Kudos