VPN clients dns updates

wngwngwng
Level 1

Hi all,

I currently have Anyconnect clients connecting to my ASA and obtaining IPs from the ASA IP address pools I created. Is there a way to get the clients to automatically update the forward and reverse records with this IP? I was looking at the Dynamic DNS management within the ASA, but wasn't sure if this would work.

Thanks in advance,

Bill

6 Replies

Hi Bill,

I think this could be accomplished with a dedicated DHCP server.

Windows tries to perform this task automatically:

So once the VPN client gets an IP address from the DHCP server, the server registers the client's name.

Here is an example of how to set up the ASA for this:

ASA/PIX: IPsec VPN Client Addressing Using DHCP Server with ASDM Configuration Example

HTH.

Portu.

Please rate any helpful posts.

I hate to respond to 2-year-old posts but this is the same issue I am seeing. Can the forward/reverse updates be updated if you use local pools instead of a DHCP server? In my environment, it looks like the laptop eventually does a /registerdns which updates the forward lookup; however, the reverse never gets updated. Is there anything the ASA can do to pass this info on to the DNS server?

I am going to bump this post as well.

We have an IP pool defined in the ASA. Clients get the IP no problem. I just need to determine how we tell the ASA to send DDNS updates to our Bluecat servers. I have yet to find a simple answer to this - most involve enabling DHCP server on the ASA, or moving the IPs to our Bluecat DHCP/DNS servers. Neither of these options is appealing to me.

bump - same experience

This is not supported as of now.

In order to have the DDNS and PTR records properly updated when a remote
client connects, we need to have the ASA send the FQDN of the remote client
to the DHCP server in charge of IP address assignment. Thus the ASA will
have to send Option 12 and Option 82 to make it work with the Anyconnect
clients. Although we can configure the ASA for DDNS updates, Option 82 is
currently not supported on ASA. Right now, the ASA will only send option 12
in the DHCP discover, populated with the hostname but we would need to have
the ASA send DHCP option 81 as well with the FQDN properly inserted. This
means that even if you have a DHCP server configured in your network, you
wouldn't be able to use DDNS with the Anyconnect clients due to this
limitation.

We have an enhancement request: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsv34395

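Added example, not part of any post in this thread and not Cisco code: a Python check that parses a raw DHCP message (for instance, one exported from a capture between the ASA and the DHCP server) and reports whether it carries the options named in the reply above: 12 (Host Name), 81 (Client FQDN, RFC 4702) and 82 (Relay Agent Information). The sample packets and the name `laptop01.example.com` are constructed for illustration.

```python
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_options(packet: bytes) -> dict:
    """Return {option_code: value_bytes} from a raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = End
        if packet[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        header = packet[i:i + 2]
        if len(header) < 2 or len(packet) < i + 2 + header[1]:
            raise ValueError("truncated option")
        code, length = header
        opts[code] = opts.get(code, b"") + packet[i + 2:i + 2 + length]  # RFC 3396 concat
        i += 2 + length
    return opts

def decode_client_fqdn(value: bytes) -> dict:
    """Decode option 81 (RFC 4702): flags, RCODE1, RCODE2, domain name."""
    if len(value) < 3:
        raise ValueError("option 81 shorter than its fixed fields")
    flags, name = value[0], value[3:]
    if flags & 0x04:                              # E bit: DNS wire-format labels
        labels, i = [], 0
        while i < len(name) and name[i] != 0:
            n = name[i]
            if n > 63 or i + 1 + n > len(name):
                raise ValueError("bad label in option 81")
            labels.append(name[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        fqdn = ".".join(labels)
    else:                                         # deprecated ASCII encoding
        fqdn = name.decode("ascii")
    # S: client asks the server to do the A update; N: server should do no updates
    return {"fqdn": fqdn, "S": bool(flags & 0x01), "N": bool(flags & 0x08)}

def ddns_report(packet: bytes) -> dict:
    """Summarise the options the thread discusses: 12, 81 and 82."""
    opts = parse_options(packet)
    return {"hostname": opts[12].decode("ascii") if 12 in opts else None,
            "client_fqdn": decode_client_fqdn(opts[81]) if 81 in opts else None,
            "relay_agent_info": 82 in opts}

# Constructed sample DISCOVERs (not captured traffic); names are placeholders.
def opt(code: int, data: bytes) -> bytes:
    return bytes([code, len(data)]) + data
HOSTNAME_ONLY = bytes(236) + MAGIC + opt(53, b"\x01") + opt(12, b"laptop01") + b"\xff"
WITH_FQDN = HOSTNAME_ONLY[:-1] + opt(81, b"\x05\x00\x00\x08laptop01\x07example\x03com\x00") + b"\xff"
```

A message that looks like `HOSTNAME_ONLY` gives the DHCP server a bare hostname and no FQDN; `WITH_FQDN` shows what the same request looks like once option 81 is present.
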
Thanks for the update. Wanted to ask for further clarification, as BugTracker says it's terminated but only lists an old Anyconnect version. Is sending option 81 still not working?