My client has an issue with RA VPN and DNS records, and I'd highly appreciate it if someone could explain or resolve this issue.
The client has reported that all the company staff are using AnyConnect VPN to access their internal corporate networks, and they're also using SCCM and CMRC to remote onto other VPN users' laptops.
Basically, the client was remotely connected to a laptop with the computer name, for example, L0002867 and had to reboot the computer. After the reboot, the user logged back in and connected to the VPN. The client then tried to remote onto the laptop with the computer name and it came up with a CMRC error saying that he doesn't have permission to connect (although he has permission to remote onto all computers on the network). He pinged the laptop number, which gave him an IP address of 10.10.251.13. When he remoted onto the computer using this IP, he was put onto a completely different computer. When we checked the DNS, we found that the IP for L0002867 was actually 10.10.251.41. He tried to connect using this IP, which got me back onto the laptop. This issue happens all the time with different computer names.
We did ask the client to clear the local DNS cache using "ipconfig /flushdns".
The issue might be because it's a VPN client he's trying to remote onto. When a Windows computer gets a DHCP address from the DHCP server, it will try to update its A record in the domain DNS server. As it's on a VPN, it is most likely unable to do that, so the DNS record will always be wrong for clients on the VPN.
Is there anything that can be done or updated on the RA VPN configuration?