Lion + Cisco VPN DNS Workaround

Posted in System Administration


When I upgraded to OS X 10.7 (Lion), I started using the built-in IPSec VPN client rather than Cisco's VPNClient. I experienced problems immediately. At first it appeared that the connection was being made, but no traffic was passing. When I tried pinging by IP address, I found that traffic was passing, but I couldn't do anything by hostname.

The problem is fairly well documented. Lion appears to prefer your original connection DNS servers rather than the servers assigned when the VPN connection comes up. Lots of Lion DNS lookup order workarounds have been proposed, but my preferred solution so far is to change the service order in the Network pane of System Preferences. By dragging my VPN connection to the top, I guarantee that the DNS servers specified in that connection will be the ones used.

This has solved my problem in most cases. Certain command-line tools (host, dig, nslookup) do not honor the order, but that's a trivial problem.
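To confirm that the reordering took effect, and that lookups are no longer going to the original connection's DNS servers, the default resolver can be read from `scutil --dns`. The script below is an added example, not part of the original post: the sample output, the addresses and the `corp.example` domain are constructed, and it assumes resolver #1 in that output is the default resolver.

```shell
# Assumption: `scutil --dns` prints "resolver #N" blocks holding
# "nameserver[i] : ADDRESS" lines, and resolver #1 is the default resolver.
# On a Mac: scutil --dns | vpn_dns_is_default <VPN DNS server address>

# Print the nameservers of resolver #1 from `scutil --dns` output on stdin.
default_resolver_nameservers() {
    awk '
        /^resolver #1[ \t]*$/ { in_first = 1; next }
        /^resolver #/         { if (in_first) exit }
        /^DNS configuration/  { if (in_first) exit }
        in_first && /nameserver\[[0-9]+\]/ { print $NF }
    '
}

# Succeed only if $1 (the DNS server the VPN assigns) is in resolver #1.
vpn_dns_is_default() {
    default_resolver_nameservers | grep -qxF -- "$1"
}

# Constructed sample: VPN is up, but the original connection is still first.
SAMPLE_BEFORE='DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  order   : 200000

resolver #2
  domain   : corp.example
  nameserver[0] : 10.8.0.53
  order   : 200001
'

# Constructed sample: VPN service dragged to the top of the service order.
SAMPLE_AFTER='DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 10.8.0.53
  nameserver[1] : 10.8.0.54
  order   : 100000
'

for s in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    printf '%s\n' "$s" | vpn_dns_is_default 10.8.0.53 \
        && echo "VPN DNS is the default resolver" \
        || echo "default resolver is NOT the VPN DNS server"
done
```
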
