
VPN client not updating records in local dns server

Amardeep Kumar
Level 1

Hello

Remote VPN users are connecting to the ASA, but their records are not updating on the local DNS server, so we are not able to push domain policies to their machines.

Remote VPN users are getting their IPs from the ASA IP pool.

 

Thanks

Amardeep 

3 Replies

ngkin2010
Level 7

If your workstation is joined to your Active Directory domain, you could deploy a group policy (GPO) to make the workstation register and update its A and PTR records on the DNS server.

 

Quote from another post by spamtrashed

 

IPv4 TCP/IP settings > "Advanced" button > "DNS" tab.

There are two checkboxes for "Register this connection's addresses in DNS" and "Use this connection's DNS suffix in DNS registration." If you check both checkboxes and ipconfig release & renew, a PTR record will appear.

 

To automate that across the entire environment I added two settings to our workstation GPO.

Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Register DNS records with connection-specific DNS suffix > Enabled

Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Register PTR Records > Register if A record registration succeeds

Hi ngkin2010,

Yes, all VPN users are also joined to the domain.

VPN users are getting their IPs from the ASA pool. Is there anything we need to do on the ASA?

Please suggest.

Thanks

amardeep

If you have configured your workstation to update the DNS server as mentioned previously, it should work and no configuration is needed on the ASA.

Another option is to configure the Dynamic DNS setting on the ASA to update your Active Directory DNS. But you will have to allow "nonsecure dynamic updates" on your AD server.

Either one should work, and I would prefer the first option because it involves Microsoft products only; no integration between the Cisco ASA and MS AD servers is needed. Also, if you use option 1, you don't have to allow "nonsecure dynamic updates" on your AD server, which might reduce the security level.
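
A read-only check for the client-side option discussed in this thread, added here as an example and not posted by any of the participants: for each IPv4 address on the machine (including the one handed out from the ASA pool) it shows the two DNS registration settings and whether the DNS server's A and PTR records match. It assumes a domain-joined Windows client with the VPN connected and the built-in DnsClient and NetTCPIP PowerShell modules.

```powershell
# Added example, not from the thread. Run on a domain-joined Windows client
# while the VPN tunnel is up. Read-only: it changes no settings.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
$fqdn   = "$env:COMPUTERNAME.$domain"

Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.IPAddress -notlike '169.254.*' } |
    ForEach-Object {
        $ip  = $_.IPAddress
        # Per-adapter equivalents of the two checkboxes on the "DNS" tab
        $dns = Get-DnsClient -InterfaceIndex $_.InterfaceIndex

        # What the DNS server currently answers for this host name and address
        $a   = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'A' }
        $ptr = Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'PTR' }

        [pscustomobject]@{
            Interface        = $dns.InterfaceAlias
            IPAddress        = $ip
            RegisterAddress  = $dns.RegisterThisConnectionsAddress
            UseSuffix        = $dns.UseSuffixWhenRegistering
            Suffix           = $dns.ConnectionSpecificSuffix
            ARecordMatches   = [bool]($a.IPAddress -contains $ip)
            PtrRecordMatches = [bool]($ptr.NameHost -contains $fqdn)
        }
    } | Format-Table -AutoSize
```

A VPN adapter row with RegisterAddress set to False, or with both match columns False, points at the client-side registration settings rather than the ASA. After the GPO applies, `ipconfig /registerdns` triggers a fresh registration attempt without waiting for the next refresh.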