Troubleshooting Tip: DNS resolution is not working over the remote access IPsec tunnel

To resolve the issue of DNS resolution not working over a remote access IPsec tunnel, follow these steps:

1. Go to VPN -> IPsec -> Phase 1 and edit the existing phase 1 configuration.
2. In the phase 1 configuration, enable Unity Support and set the Domain to the desired DNS suffix.
3. The configuration should look like this:

config vpn ipsec phase1-interface
    edit <name>
        set unity-support enable
        set domain <string>
    next
end

4. After making the changes, disconnect and reconnect the VPN client to test the DNS resolution.

By following these steps, the DNS suffix will be configured correctly, and DNS resolution should work as expected for short hostnames over the remote access IPsec tunnel.

The Cisco Unity Configuration Method extensions, which are related to this parameter 'unity-support', are specific to Cisco’s IKEv1-based implementation, so it is not possible to enable it when using IKEv2, and the option is hidden as a consequence.

Related article:

Technical Tip: Unity-support is disabled after IKE version is changed from v2 to v1