
AnyConnect DNS Issue

jf1134
Level 1

We are having an issue where, after disconnecting from AnyConnect and connecting the next day, they get a new IP in AnyConnect but in our local DNS they have another IP, which I assume is probably from the day before. This is obviously causing name resolution issues. The only workaround I have so far is to have them do an ipconfig /registerdns.

Would this be something on the ASA, or would this be something on our DNS server, that it's not registering the new IP address?

Thanks

4 Replies

Why does the ASA need the FQDN of the user?

MHM

So they use the VPN to access servers in our datacenter and use \\abc\share to access the file shares. It doesn't work because the IP they get through AnyConnect is not the same as what's in DNS. It does work fine with \\1.2.3.4\share

I guess an option would be to add a login script to AnyConnect that does an ipconfig /registerdns and maybe ipconfig /flushdns

tvotna
Spotlight

ASA doesn't register IP addresses allocated from the local pool in DDNS. It supports DDNS for its own IP address only. Your best bet is to allocate IP addresses from DHCP and let the DHCP server register your client in DDNS. ASA is able to request IP addresses from a DHCP server on behalf of the client (the so-called DHCP proxy client feature). This is rarely used though.

Are you referring to a local DNS on the endpoints in addition to the one that gets pushed to them when they get their IP addresses? If so, that would depend on the OS cache. What you can do in that case is configure split DNS tunnelling, which will allow AnyConnect to send the DNS queries to the corporate DNS server for the domains belonging to the company.

If you wish to rely on login script, please check this post that shows how to do that:

Solved: DNS flush - Anyconnect VPN - Cisco Community
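
The login-script idea discussed in this thread, as an added example that is not code from any of the posters or from Cisco: a post-connect PowerShell script that re-registers only when the A record in corporate DNS does not match the address the VPN adapter currently holds. The adapter description match, the DNS server address (a placeholder) and the assumption that the script runs elevated are all hypothetical and must be adapted.

```powershell
# Added example: hypothetical post-connect check, not from the thread.
param(
    # Assumption: substring of the VPN virtual adapter's description.
    [string]$AdapterMatch = 'AnyConnect',
    # Assumption: corporate DNS server pushed by the VPN profile (placeholder).
    [string]$DnsServer = '192.0.2.53'
)

# Find the VPN adapter; do nothing when the tunnel is not up.
$adapter = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like "*$AdapterMatch*" -and $_.Status -eq 'Up' } |
    Select-Object -First 1
if (-not $adapter) {
    Write-Output 'VPN adapter not up; nothing to do.'
    exit 0
}

# Address handed out for this session.
$vpnIp = (Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 |
    Select-Object -First 1).IPAddress

# Name this client registers under (computer name plus AD domain).
$fqdn = '{0}.{1}' -f $env:COMPUTERNAME, (Get-CimInstance Win32_ComputerSystem).Domain

# Ask the corporate server directly, bypassing the local resolver cache.
$registered = @(Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    ForEach-Object { $_.IPAddress })

if ($registered -contains $vpnIp) {
    Write-Output "DNS for $fqdn already points at $vpnIp."
    exit 0
}

# Stale or missing record: log the mismatch, then use the commands from the thread.
Write-Output "Stale record for $fqdn (DNS: $($registered -join ', '); VPN: $vpnIp). Re-registering."
ipconfig /registerdns | Out-Null   # requires an elevated context
ipconfig /flushdns | Out-Null
```

Logging the mismatch is worth keeping: a stale A record points at whichever client next receives that pool address, so name-based connections to the old host land on a different machine until the record is corrected.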