How do VPN Clients Register with DNS

Greetings,

Over the past week or so, we've been experiencing issues where several of our remote users (we are using the Legacy IPSEC VPN Client) are having DNS problems after initiating a remote connection to our network. What I'm seeing is that DNS is not being updated from a reverse perspective. See the example below. From what I'm observing, the user's VPN connection will remain up and connected; however, they will not be able to browse any routes across the tunnel. (The profile is set up using split tunneling.)

C:\Users\ben.R2>ping -a 400sales01

Pinging 400sales01.mycompany.com [10.255.11.97] with 32 bytes of data:
Reply from 10.255.11.97: bytes=32 time=18ms TTL=128
Reply from 10.255.11.97: bytes=32 time=19ms TTL=128
Reply from 10.255.11.97: bytes=32 time=16ms TTL=128
Reply from 10.255.11.97: bytes=32 time=11ms TTL=128

C:\Users\ben.R2>ping -a 10.255.11.97

Pinging 052ltdir01.mycompany.com [10.255.11.97] with 32 bytes of data:
Reply from 10.255.11.97: bytes=32 time=100ms TTL=128
Reply from 10.255.11.97: bytes=32 time=11ms TTL=128
Reply from 10.255.11.97: bytes=32 time=14ms TTL=128
Reply from 10.255.11.97: bytes=32 time=19ms TTL=128

I do not have any type of DNS Doctoring and/or DDNS enabled on my ASA. None of the interfaces on my ASA are DNS enabled. The addresses that our remote users receive when VPN'ing into our network are set up as an IP Local Pool on the ASA itself. My question is, what is the process for VPN clients registering with our DNS servers? What part (if any) does the ASA play where registering DNS entries is concerned?

Thanks!
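The ping output above shows a forward record (400sales01 -> 10.255.11.97) whose PTR still names a different laptop. The following script is an added example, not code from the thread: it resolves each VPN client name to its address, resolves that address back to a PTR, and flags pairs that disagree. The system-resolver lookups use Python's socket module; the sample zone data is constructed to mirror the thread's symptom and is not real.

```python
import socket
from typing import Callable, Dict, List, Optional

Lookup = Callable[[str], Optional[str]]


def forward_lookup(name: str) -> Optional[str]:
    """A-record lookup via the system resolver; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def reverse_lookup(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_host(name: str, fwd: Lookup = forward_lookup,
               rev: Lookup = reverse_lookup) -> Dict[str, Optional[str]]:
    """Resolve name -> IP, then IP -> PTR, and classify the pair.
    'stale_ptr' is the thread's symptom: the PTR still names whichever host
    previously held the pool address, so 'ping -a' reports the wrong machine."""
    ip = fwd(name)
    if ip is None:
        return {"host": name, "ip": None, "ptr": None, "status": "no_a_record"}
    ptr = rev(ip)
    if ptr is None:
        status = "no_ptr"
    elif ptr.lower().rstrip(".") == name.lower().rstrip("."):
        status = "consistent"
    else:
        status = "stale_ptr"
    return {"host": name, "ip": ip, "ptr": ptr, "status": status}


# Constructed sample records (not a real zone): 400sales01's A record points at
# 10.255.11.97, but the PTR for that address still names 052ltdir01.
SAMPLE_A = {"400sales01.mycompany.com": "10.255.11.97",
            "052ltdir01.mycompany.com": "10.255.11.42"}
SAMPLE_PTR = {"10.255.11.97": "052ltdir01.mycompany.com",
              "10.255.11.42": "052ltdir01.mycompany.com"}


def sample_audit() -> List[Dict[str, Optional[str]]]:
    """Audit the constructed sample offline, without touching the real resolver."""
    return [check_host(n, SAMPLE_A.get, SAMPLE_PTR.get) for n in SAMPLE_A]


if __name__ == "__main__":
    for finding in sample_audit():
        print(finding)
```

Running check_host with the default lookups against a list of VPN client names gives the same classification for a live environment; a burst of stale_ptr results across the pool range points at PTR updates not being applied rather than at a single machine.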

7 Replies

Are any other users experiencing the same problem or is it just select few?

Is 052ltdir01 a known server?

Do you have more than 1 entry for the 10.255.11.97 IP in the DNS server?

Do you have more than 1 DNS server?

Do you have split DNS configured?

--
Please remember to select a correct answer and rate helpful posts

Do you still require assistance with this issue?

--

Please rate all helpful posts.


Marius -

Thanks for your response, I really appreciate you taking the time to better understand my question.

Firstly, my apologies for the delayed reply; it's been chaotically busy the past few days.

Please let me try and answer these questions for you.

A1) To my knowledge, we have no other reports from other remote-users who are experiencing this same problem. (Moreover, I've been working from home for over 2yrs and I've never had this issue).

A2) 052ltdir01 is a laptop (052=Location, LT=Laptop, dir=job role) - this device is another laptop on our network.

A3) The ASA is set up to provide our VPN users a primary and secondary DNS server. The DNS records have a lease period of 8 days. These users connect/reconnect throughout the day. What I am seeing are valid A records within DNS; however, there seems to be a huge discrepancy with the way the PTR records are updating (or lack thereof).

A4) Split tunneling on these VPN client profiles is enabled.

From the information I've been able to gather, our ASA basically acts as a pass-through device. It's really, for the most part, DNS unaware... Please correct me if I'm wrong, but my understanding in a nutshell is this: DNS registration is initiated by the VPN clients, and the ASA simply forwards the updates to the appropriate destination?

I really think this has to do with the image that these employees are using on their laptops. We are in the process of setting up a different image on a different laptop and sending it out to the field to test.

I was almost leaning towards a DNS issue or IP address conflict but since it is only a select few that experience the issue then this is not the issue.

Do all VPN users use the same connection profile? Or do you have separate profiles for different job roles?

From the information I've been able to gather, our ASA basically acts as a pass-through device. It's really, for the most part, DNS unaware... Please correct me if I'm wrong, but my understanding in a nutshell is this: DNS registration is initiated by the VPN clients, and the ASA simply forwards the updates to the appropriate destination?

Yes, the DNS request is initiated by the VPN clients. By default, all DNS requests are tunneled to the ASA and the ASA forwards the request to the DNS servers. If you have split tunneling configured you can also configure split DNS (well, you can configure split DNS anyway, but it is most common when split tunneling is configured). This will send only the DNS requests for the configured DNS names to be resolved over the VPN tunnel, and all other requests will be resolved locally.

It is possible that the issue is caused by the image. Which image are the affected laptops running? What image are the laptops that do not experience any issues running? What image is now installed on the test laptop?



It is possible that the issue is caused by the image. Which image are the affected laptops running? What image are the laptops that do not experience any issues running? What image is now installed on the test laptop?

Thanks again for the follow up Marius. Yes, our standard company image is built upon a x32 bit version of Windows 7... For whatever reason, these particular remote users were set up with a x64 bit version, which, to my knowledge, is set up differently from our standard company image. As far as I know, they are able to do everything else okay; it just seems they are the only group who is currently being impacted by these DNS challenges. The test laptop that we are currently building is based on the same image (x32 bit Win7) that everyone else is using... (e.g. the image that nobody else has problems on. =))

Yes, we do have several different .pcf profiles that we use here at my company. This group of employees uses a profile that is also used by the majority of other users... (It's our standard 'USER' profile). Split DNS is only configured on one of the 5 different profiles. Do you think enabling split DNS on the given profile would be of any benefit?

Regards,

I would not think that using split DNS would solve this issue as all DNS requests are tunnelled by default, but you never know.

The users that are affected that are running the x64 Windows 7, are they all using the same connection profile? If they are, do they still experience the problem if they use a different profile?


Yes, that is correct - all users running the x64 bit operating system are using the same basic 'user' profile. I have not had them try a different profile to see if that makes a difference. Most all of the profiles we have available (aside from the profile the IT department uses) are configured pretty much identically; the only differences are the networks/subnets that are allowed to be accessed.
