We are working on deploying AnyConnect as our new VPN client. We are using ASA 5545x's.
Currently, the clients are using a pre-set address pool created from 172.17.0.0/16 (separated into 16 groups to make it manageable).
Our old VPN setup used statically assigned IPs that resolved to the machine's hostname (host.domain.edu). Our current AnyConnect/ASA combo is not resolving and we are having some trouble getting it set up. Here is what we want to accomplish:
1. AnyConnect client connects - requests DHCP address from our DHCP server (Infoblox cluster).
2. DHCP address is assigned to client. DNS resolves this address to the hostname of the machine (host.domain.edu).
3. DNS updates dynamically, so if the host address changes, DNS is updated accordingly.
Everything works fine from a connection standpoint with the address pools, but DHCP and host names do not currently resolve. I've looked into setting up a DHCP relay on the ASA. Is that the right approach? If using a relay, do we need to set up a dedicated interface to pass those requests? Right now, we have two interfaces set up - an internal and an external. I don't think the relay is working properly because I think the traffic needs to pass from the internal interface (where the clients are sitting once connected) to another interface set up specifically for a relay. Am I incorrect in this assumption?
This is my first time setting this up, so any input is appreciated!
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...