
Cisco VPN Client - DNS Server Redundancy

bunce.jake
Level 1

Hello,

I have an issue with Cisco VPN Client. Remote users can connect to the ASA firewall, they receive the correct group policy, and can access the network resources which they need to get to.

In the group policy, multiple DNS servers have been configured for redundancy, and they are both received when an ipconfig is issued on the client machine. We have had a situation where the primary DNS server failed. Clients did not automatically fail over to using the secondary DNS server.

I'm leaning towards this being an issue with the client machine, though I would like to hear any suggestions that other people may have.

Best regards,

Jake

4 Replies

andrew.prince
Level 10

The client should always query the secondary when it does not receive a response from the primary. So if the primary was no longer available, then the client should have re-sent the query to the secondary.

HTH

Sent from Cisco Technical Support iPad App

Hi Andrew,

That was what I would expect to see, but it didn't happen in this instance on multiple clients. Perhaps there's an option in the ASA to add a DNS server into the group-policy for the tunnel group if an IP SLA condition is met, or similar?

Regards,

Jake

Jake,

Erm, not that I am aware of - perhaps you should try to reproduce the issue, to actually see if it is a client problem. As the client could have sent a request to the primary server, and the primary server responded... but just not with what you wanted it to. So perhaps everything was working OK?

Nah, the primary DNS server was definitely on its arse. Trying to reproduce the issue now. Thanks for your time.
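When reproducing the issue, it helps to separate the two cases raised in the thread: a DNS server that sends no response at all, and one that responds but not with the answer you wanted. The script below is an added example, not part of the original thread; it queries each server pushed by the group policy directly over UDP and reports which case applies. The server addresses and hostname are placeholders (assumptions), and `probe`, `build_query` and `classify_reply` are names made up for this example.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid, qtype=1):
    """Encode a minimal recursive DNS query (A record by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def classify_reply(reply, txid):
    """Classify raw reply bytes; None means nothing came back before the timeout."""
    if reply is None:
        return "TIMEOUT"  # the server did not respond at all
    if len(reply) < 12:
        return "INVALID"
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or not a response
        return "INVALID"
    rcode = flags & 0x000F
    return f"RESPONDED {RCODES.get(rcode, 'RCODE ' + str(rcode))} answers={ancount}"

def probe(server, name, timeout=2.0):
    """Send one query straight to `server`, bypassing the OS resolver order."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable
            reply = None
    return classify_reply(reply, txid)

if __name__ == "__main__":
    # Placeholder values: substitute the DNS servers from the group policy
    # and a name that only the internal DNS can resolve.
    for server in ("192.0.2.10", "192.0.2.11"):
        print(server, probe(server, "intranet.example.com"))
```

Run it from a connected VPN client while the primary is down: `TIMEOUT` from the primary with a `RESPONDED NOERROR` from the secondary means the servers behave as intended and the client's resolver is the place to look.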