Home > IT Answers > Security > CiscoASA5505 DNS not getting to domain reverse lookup zones.
Shadowspapa
5 pts.
 CiscoASA5505 DNS not getting to domain reverse lookup zones.
Cisco ASA 5505, DHCP, DNS, PIX, Reverse Lookup
We are a state agency with a main office here, then about 45 smaller offices throughout the state. The small 1 person offices connect back here via a web provider (ISP) and VPN client. The rest connect back here using either a Cisco PIX 501 (4 of our older small offices) or a Cisco ASA5505 - and in either case, use LAN-to-LAN connections back to an Altega concentrator. The PIX and ASA devices BOTH serve as their offices DHCP provider/server. Those offices get their IP address and DNS server and WINS server settings from the DHCP services of the PIX or concentrator. The issue: Those here locally that get their DHCP from our DCs are in the appropriate reverse lookup zones. Those that use the VPN client to connect back here get their DHCP address, etc. from the DCs here in this building as well. They are also all in the reverse lookup zones. Those that use the PIX devices to get back here show up in the reverse lookup zones! Now the kicker - those that use the ASA to get back here and get their addresses from the ASA DHCP are NOT registered in reverse lookup zones here! If the computer has a STATIC IP address and manually assigned DNS and WINS settings, it WILL register back here. So, anything that has either a STATIC assigned IP and DNS info registers, anything that gets DHCP assigned info from a server here registers, anything using the PIX for DHCP registers, but anything using an ASA AND getting a DHCP assignment from said ASA is NOT in the reverse lookup zones back here! We are ALL so confused! Our senoir staff, even the folks at ITE (IT Enterprise) who are levels way above me "don't get it". Ideas???? Microsoft said it's a Cisco issue, either the device or our configuration (or lack there-of) and the test they have run make me believe them. But then why does the PIX send that info back here and the ASA not? There are NO SPECIAL settings in the PX at all. In fact, the ASAs are setup almost exactly like the PIXs - we basically converted the PIX settings for the ASA. AARRG - (can I say that here?)

Software/Hardware used:
ASKED: April 10, 2009  3:30 PM
UPDATED: April 16, 2009  2:45 PM
RELATED QUESTIONS
Answer Wiki:
I too am experiencing the same exact issue. I have had an open support ticket with Cisco for months now. So far, they have not found any resolution and don't appear to see this as a major problem with the ASA's. I am actually "glad" (grin) to hear that I am not the only one who is experiencing this issue. Not to say that I would wish this problem upon anyone. I am just glad that I am not going nuts thinking I am the only one with this issue. Every 5505 we have installed to replace a PIX 501 has resulted in the DNS entries disappearing from our server. It worked fine when they had the 501 in place, but, as soon as we put the 5505 there,...... Also, we do concur that when the address is statically assigned, the entry does get created. If you would send me an e-mail, we can maybe work together to resolve this one. I have a temporary address of <b>(removed for security) </b> I will send you my real address when you contact me.
Last Wiki Answer Submitted:  April 16, 2009  2:45 pm  by  AEAvery   15 pts.
All Answer Wiki Contributors:  AEAvery   15 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _