Hi,
I have a question regarding Cisco VPN Client connection.
Right now, our clients using the Cisco VPN are given an address from a DHCP scope from the internal network. They register in DNS fine, but when they disconnect, their DNS entry remains. Note that the DHCP is updated and that the entry is removed automatically. So, when we look at the DNS, we sometimes see many entries for the same address. It seems that the DHCP and DNS relation is "fucked up".
Example as seen on the internal DNS server:
NAME       TYPE      DATA
laptop1    Host(A)   192.168.40.44
laptop2    Host(A)   192.168.40.44
laptop3    Host(A)   192.168.40.44
laptop5    Host(A)   192.168.40.46
laptop7    Host(A)   192.168.40.47
laptop11   Host(A)   192.168.40.48
laptop12   Host(A)   192.168.40.48
laptop15   Host(A)   192.168.40.49
Also, here is the config in the PIX regarding the VPN connection:
group-policy company internal
group-policy company attributes
 dns-server value 192.168.32.15 192.168.32.17
 dhcp-network-scope 192.168.40.0
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value acl_ratioreps_split
 default-domain value company.com
tunnel-group company type ipsec-ra
tunnel-group company general-attributes
 authentication-server-group (outside) RADIUS
 default-group-policy company
 dhcp-server 192.168.32.1
tunnel-group company ipsec-attributes
 pre-shared-key XXXXXXXXX
My question is the following:
Does the PIX register the client into the DNS through the command DNS-SERVER, or does it only use that command to resolve the names of my internal servers or workstations when trying to access them?
e.g.
ping mail.company.com
rather than
ping 192.168.32.5
Thanks.
Fritou