Anyconnect reconnect does not do DNS lookup

jtennant
Level 1

Because of a bug, we have decided to split our HA pairs of FP4115's running ASA into separate devices. The problem I'm seeing now is, when a user is connected to vpn1, and then vpn1 goes down, AnyConnect tries to reconnect but only to the IP of vpn1. It does not appear to be doing a DNS lookup and then trying to hit vpn2 (we put an F5 in front to serve up the proper available VPN devices). The keepalives seem to be working, but without that second DNS lookup on the name, the user just sits and waits....


What am I missing?

2 Replies

I think you are trying to implement things in a quite uncommon way, and that is causing problems. For example, why should AnyConnect do a new DNS request if the name is still cached? But in a different setup, you will likely not face these problems.

Some ways to implement this:

  1. VPN-Loadbalancing: You do not need an external loadbalancer, the ASAs implements this natively.
  2. Loadbalancing on the F5: Here the client should only see one virtual IP regardless of which or how many devices are behind the loadbalancer.
  3. If you want to have two IPs that the client can access, use two FQDNs and configure the second as a backup-server in the AnyConnect client profile.

With all these ways it should work as expected.
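The following AnyConnect client profile illustrates option 3 above. It is an added example, not a profile posted by anyone in this thread; the hostnames vpn1.example.com and vpn2.example.com and the display name are placeholders. The primary head end is the HostAddress of the HostEntry, and the second device is listed under BackupServerList, so the client has a second, independently resolved name to fall back to instead of retrying only the address it already resolved for the first one.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example of an AnyConnect VPN client profile with a backup server.
     Hostnames and the display name are placeholders (assumption), not
     values taken from the thread above. -->
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <!-- Let the client reconnect on its own after the tunnel drops. -->
    <AutoReconnect UserControllable="false">true
      <AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
    </AutoReconnect>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <!-- Name shown to the user in the client's drop-down list. -->
      <HostName>Corporate VPN</HostName>
      <!-- Primary head end: its own FQDN, resolved by the client. -->
      <HostAddress>vpn1.example.com</HostAddress>
      <!-- Second head end, tried when the primary cannot be reached.
           Use a distinct FQDN (or IP) so the client does not depend on
           re-resolving the primary name. -->
      <BackupServerList>
        <HostAddress>vpn2.example.com</HostAddress>
      </BackupServerList>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

The profile is stored on the ASA and pushed to clients at connect time: under `webvpn` it is registered with `anyconnect profiles <name> disk0:/<file>.xml`, and the group policy references it with `anyconnect profiles value <name> type user`. Load the same profile on both head ends, since the client only learns it from whichever device it connects to.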

We decided to try your option 3. It appears to be working very well. Thank you very much!