DNS does not resolve over the VPN

network-engineering vpn firewall dns
2022-02-04 12:38:52

Looking for some help with an office VPN problem I can't seem to solve...

I am trying to use Remote Desktop from my home PC to my work PC through the DC ASA 5506-X VPN. I can only connect to the work PC by IP address or FQDN; the plain hostname will not resolve.

(network diagram image: pasteboard.co link, truncated in the source)

Hardware/software models:

  • Windows Server 2012 R2 Standard hosting the DNS server, version 6.3.9600.17238
  • DC Cisco 5506-X firewall hosting the VPN
  • DC Cisco 5506-X firewall, Cisco ASDM image asdm-7101.bin
  • DC Cisco 5506-X firewall, boot system asa982-20-lfbff-k8.spa

Hostnames and intranet sites all resolve perfectly in the office; it just doesn't work when we connect over the VPN. I have played with our firewall and made sure its DNS server is configured as the IP address of our Windows server, but none of that has worked.

My question is: how do I fix the DNS problem? How do I get DNS to resolve when connected over the VPN?

: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)20
!
no mac-address auto
ip local pool DC_REMOTE_VPN_POOL 10.111.10.50-10.111.10.100 mask 255.255.255.0

!
boot system disk0:/asa982-20-lfbff-k8.SPA
boot system disk0:/asa961-lfbff-k8.SPA

dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.111.1.1 inside 
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object-group network DC_REMOTE_VPN
 network-object 10.111.10.0 255.255.255.0
object-group network INT
 network-object 10.111.0.0 255.255.0.0
object-group network OFF_INT_NETS
 network-object 10.110.0.0 255.255.0.0
object-group network OFF_REMOTE_VPN_NETS
 network-object 10.110.10.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit icmp any any parameter-problem
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.1.0 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.9.0 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.3.0 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.112.0.0 255.255.0.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.0.0 255.255.0.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.110.0.0 255.255.0.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
mtu outside 1500
mtu inside 1500
mtu firepower_MGT 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (any,any) source static DC_REMOTE_VPN_NETS DC_REMOTE_VPN_NETS destination static OFF_INT_NETS OFF_INT_NETS no-proxy-arp
nat (inside,outside) source static DC_INT_NETS DC_INT_NETS destination static DC_REMOTE_VPN_NETS DC_REMOTE_VPN_NETS no-proxy-arp
nat (inside,outside) source static DC_INT_NETS DC_INT_NETS destination static OFF_INT_NETS OFF_INT_NETS no-proxy-arp
nat (inside,outside) source static DC_INT_NETS DC_INT_NETS destination static OFF_REMOTE_VPN_NETS OFF_REMOTE_VPN_NETS no-proxy-arp
!
object network obj_any
 nat (inside,outside) dynamic interface
!
nat (inside,firepower_MGT) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route inside 10.110.0.0 255.255.0.0 10.111.9.201 10 track 1
route inside 10.111.0.0 255.255.0.0 10.111.9.201 1
route inside 172.16.1.0 255.255.255.252 10.111.9.201 1
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication login-history
snmp-server enable traps entity config-change
sla monitor 172
 type echo protocol ipIcmpEcho 172.16.1.2 interface inside
 num-packets 5
 timeout 10000
 frequency 30
sla monitor schedule 172 life forever start-time now
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal ikev2-ESP-AES256-SHA1
 protocol esp encryption aes-256
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DC_REMOTE_VPN_dyn_map 20 set ikev1 transform-set ESP-3DES-MD5
crypto map vpn 10 match address VPN2OFF
crypto map vpn 10 set pfs
crypto map vpn 10 set peer 103.241.91.91 103.241.91.112
crypto map vpn 10 set ikev1 transform-set ESP-3DES-MD5
crypto map vpn 65535 ipsec-isakmp dynamic DC_REMOTE_VPN_dyn_map
crypto map vpn interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ikev2 policy 20
 encryption aes-256
 integrity sha
 group 14
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
track 1 rtr 172 reachability
telnet timeout 5

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.111.1.1
ntp server 203.129.68.14
ssl cipher default low
ssl cipher tlsv1 low
ssl cipher tlsv1.1 low
ssl cipher tlsv1.2 low
ssl cipher dtlsv1 low
group-policy DC_REMOTE_VPN internal
group-policy DC_REMOTE_VPN attributes
 dns-server value 10.111.1.1
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DC_REMOTE_VPN_splitTunnelAcl
 default-domain value test.local
 split-tunnel-all-dns enable
dynamic-access-policy-record DfltAccessPolicy
tunnel-group DC_REMOTE_VPN type remote-access
tunnel-group DC_REMOTE_VPN general-attributes
 address-pool DC_REMOTE_VPN_POOL
 authentication-server-group ADC01 LOCAL
 default-group-policy DC_REMOTE_VPN
tunnel-group DC_REMOTE_VPN ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 103.241.91.91 type ipsec-l2l
tunnel-group 103.241.91.91 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 103.241.91.112 type ipsec-l2l
tunnel-group 103.241.91.112 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
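When a remote-access client can reach hosts by IP and FQDN but not by short hostname, the first things to verify in the ASA config are the DNS settings the group-policy pushes to the client and whether the pushed DNS server and the client address pool actually sit inside the networks the split-tunnel ACL carries. The script below is an added example and not code from the question or from Cisco; it parses a constructed excerpt of the running-config shown above (object and pool names taken from the post) and reports those facts so the investigation can be narrowed before touching the client side.

```python
"""Sanity-check the DNS-related remote-access settings in a Cisco ASA running-config.

Added example, not from the original post. It reads the config the way an auditor
would: the tunnel-group's general-attributes, the group-policy attributes, the
split-tunnel ACL and the local address pool, then reports whether the pushed DNS
server and the client pool fall inside the networks the tunnel is configured to carry.
"""
import ipaddress
import re

# Constructed excerpt of the ASA config from the question (abbreviated to the
# lines this check needs; names and addresses are the ones the post shows).
ASA_CONFIG = """\
ip local pool DC_REMOTE_VPN_POOL 10.111.10.50-10.111.10.100 mask 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.1.0 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.9.0 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.3.0 255.255.255.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.112.0.0 255.255.0.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.111.0.0 255.255.0.0
access-list DC_REMOTE_VPN_splitTunnelAcl standard permit 10.110.0.0 255.255.0.0
group-policy DC_REMOTE_VPN internal
group-policy DC_REMOTE_VPN attributes
 dns-server value 10.111.1.1
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DC_REMOTE_VPN_splitTunnelAcl
 default-domain value test.local
 split-tunnel-all-dns enable
tunnel-group DC_REMOTE_VPN type remote-access
tunnel-group DC_REMOTE_VPN general-attributes
 address-pool DC_REMOTE_VPN_POOL
 authentication-server-group ADC01 LOCAL
 default-group-policy DC_REMOTE_VPN
"""


def parse_block(config, header):
    """Return the indented attribute lines that follow an exact header line."""
    lines = config.splitlines()
    if header not in lines:
        return []
    block = []
    for line in lines[lines.index(header) + 1:]:
        if not line.startswith(" "):
            break  # first unindented line ends the block
        block.append(line.strip())
    return block


def parse_group_policy(config, name):
    """Map 'key value X' and 'key enable' attributes of a group-policy to their value.

    For 'dns-server value A B' only the first (primary) server is kept.
    """
    attrs = {}
    for line in parse_block(config, f"group-policy {name} attributes"):
        parts = line.split()
        if len(parts) >= 3 and parts[1] == "value":
            attrs[parts[0]] = parts[2]
        elif len(parts) == 2:
            attrs[parts[0]] = parts[1]
    return attrs


def parse_split_tunnel_acl(config, acl_name):
    """Collect the networks a 'standard permit' split-tunnel ACL sends through the tunnel."""
    pattern = re.compile(
        rf"^access-list {re.escape(acl_name)} standard permit (\S+) (\S+)$", re.M)
    return [ipaddress.ip_network(f"{net}/{mask}", strict=False)
            for net, mask in pattern.findall(config)]


def parse_pool(config, pool_name):
    """Return the (first, last) addresses of an 'ip local pool' range."""
    m = re.search(rf"^ip local pool {re.escape(pool_name)} (\S+)-(\S+) mask", config, re.M)
    if not m:
        raise ValueError(f"pool {pool_name} not found")
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def audit_vpn_dns(config, tunnel_group):
    """Report the DNS-relevant facts for one remote-access tunnel-group."""
    tg = {}
    for line in parse_block(config, f"tunnel-group {tunnel_group} general-attributes"):
        key, _, value = line.partition(" ")
        tg[key] = value
    gp = parse_group_policy(config, tg["default-group-policy"])
    tunneled = parse_split_tunnel_acl(config, gp.get("split-tunnel-network-list", ""))
    dns = ipaddress.ip_address(gp["dns-server"])
    first, last = parse_pool(config, tg["address-pool"])
    return {
        "dns_server": str(dns),
        "default_domain": gp.get("default-domain"),
        "split_tunnel_all_dns": gp.get("split-tunnel-all-dns") == "enable",
        "tunnel_protocol": gp.get("vpn-tunnel-protocol"),
        # Is the pushed DNS server inside a network the split-tunnel ACL carries?
        "dns_server_in_tunneled_networks": any(dns in n for n in tunneled),
        # Does the whole client pool sit inside a tunneled network?
        "pool_in_tunneled_networks": any(first in n and last in n for n in tunneled),
        "tunneled_networks": [str(n) for n in tunneled],
    }


if __name__ == "__main__":
    for key, value in audit_vpn_dns(ASA_CONFIG, "DC_REMOTE_VPN").items():
        print(f"{key}: {value}")
```

For the config in the question every check comes back positive: the DNS server 10.111.1.1 is covered by the split-tunnel ACL, the pool is inside 10.111.0.0/16, a default-domain is pushed and split-tunnel-all-dns is enabled. That rules the split-tunnel list out and points the next step at the client: confirm with `ipconfig /all` (or the client's connection details) that the connected adapter actually received 10.111.1.1 as its DNS server and test.local as its DNS suffix, and capture a lookup of the short name to see which server it is sent to.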
0 answers
No replies found.