Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5087
Views
10
Helpful
2
Replies

ASA and Dynamic DNS Question

Go to solution
Craddockc
Level 3
Level 3

‎12-21-2017 02:20 PM - edited ‎02-21-2020 07:00 AM

Community,

 

I'm experiencing the following issue:

 

Anyconnect VPN clients get their DHCP settings from the Cisco ASA via the VPN group policy and not from a back end windows server. What were noticing is that the "A" Records in our  Windows DNS for the VPN clients are updating fine, but the "PTR" records (for reverse lookups) for the same clients are all over the place. As the VPN clients connect, getting IP addresses and other settings from the ASA, it doesn't appear as though the "PTR" records in our DNS servers are being updated with any regularity.

From what I am reading, normally the DHCP server is supposed to handle the function of updating the "PTR" records, while the Clients will update the "A" record. The clients that do get their DHCP settings from our Windows Servers have up to date PTR information in DNS, which leads me to believe that maybe the Firewall isn't updating the DNS properly

 

Does anyone know how the Cisco ASA goes about updating the DNS servers of the client IP's and hostnames it gave address settings to? We do not have DHCP enabled on any of the interfaces, Just pools set up in the VPN Group Policy profiles. 

 

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎12-27-2017 01:26 AM

The short answer is that the ASA does not send updates to DNS server.

 

We had this same issue where we had a requirement for some proprietary software that require reverse lookup.  We had to move all our VPN locally defined pools to the centralized DHCP server to get this working.

 

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

2 Replies 2

Go to solution
Marius Gunnerud
VIP
VIP

‎12-27-2017 01:26 AM

The short answer is that the ASA does not send updates to DNS server.

 

We had this same issue where we had a requirement for some proprietary software that require reverse lookup.  We had to move all our VPN locally defined pools to the centralized DHCP server to get this working.

 

--
Please remember to select a correct answer and rate helpful posts

Go to solution
Craddockc
Level 3
Level 3
In response to Marius Gunnerud

‎12-27-2017 09:57 AM

Thank you Marius! I believe this is also what we will need to do as well. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card