Hello,
Recently we transitioned VPN authentication off our old ACS to our new ISE server. Now, however, VPN clients do not receive DNS settings when they connect, resulting in many internal services being unreachable for users.
The decision was made to apply DNS via an ISE authorisation profile. Clients connect via AnyConnect to our ASA (5585), which authenticates against ISE. The ASA then receives two authorisation profiles:
"Outside-VPN" contains the access_accept and the class value (for application of tunnel/ACLs on ASA)
"Outside-VPN-DNS" which contains the DNS advanced attribute settings:
Cisco-VPN3000:CVPN3000/ASA/PIX7x-Primary-DNS = (DNS ip 1)
Cisco-VPN3000:CVPN3000/ASA/PIX7x-Secondary-DNS = (DNS ip 2)
Cisco-VPN3000:CVPN3000/ASA/PIX7x-Simultaneous-Logins = 3
The problem is that these DNS settings are never applied to the clients. Is there a setting on the ASA I am missing? I'm relatively new to ISE, and I'm just in the middle of my CCNA; if there are any details I've missed, please let me know.
Any assistance would be welcome.
Thanks!