Solved: ASA DHCP DNS

alan-wong · ‎12-07-2012

Dear

I am running site to site VPN from site B to site A

site A: 192.168.1.1/24

site B: 192.168.2.1/24

On siteB. I used following DNS in site B DHCP from 5505 ASA.

dhcpd dns 192.168.1.1 202.66.192.68

When the site to site tunnel is working. It is normal DNS requests from site B to site A DNS. however, if the site to site tunnel is disconnected, site B not able to request site A DNS and do not jump to second DNS 202.66.192.68.

Can anyone help to resolve. I want siteB can use secondary DNS: 202.66.192.68 when tunnel is not connected. Thank you

Alan.

Mariusz Bochen · ‎12-07-2012

Hi Alan,

The fact that you're disconnecting your VPN makes me think you don't need a permanent connectivity, so maybe is better idea to setup remote client VPNs and configure the dns-server as VPN group-policy attribute? It gives more DNS flexibility, split-dns feature and so on. Not sure what is the exact requirement, but I don't think the stuff you're trying to achieve is durable with l2l VPN.

Regards

Mariusz

View solution in original post

Mariusz Bochen · ‎12-07-2012

Hi Alan,

The fact that you're disconnecting your VPN makes me think you don't need a permanent connectivity, so maybe is better idea to setup remote client VPNs and configure the dns-server as VPN group-policy attribute? It gives more DNS flexibility, split-dns feature and so on. Not sure what is the exact requirement, but I don't think the stuff you're trying to achieve is durable with l2l VPN.

Regards

Mariusz

alan-wong · ‎12-09-2012

Dear Mariusz

I would like to know is that possible to jump from Primary DNS to Secondary DNS in case VPN tunnel disconnected by any accidentially reason?

Regards

Alan.

ASA DHCP DNS

事例: ASA/FTDがUmbrella DNSへの登録に失敗する

Release of Virtual Appliance (DNS Forwarder) - Version 3.8.0

Improvements to Umbrella's DNS reporting retention period

FIrepower 1010 DHCP not pushing updated DNS

DNS et DHCP sur Packet Tracer