[c-nsp] Resolve the FQDN of the URL published in web VPN in ASA

Jay Hennigan jay at west.net
Sat Nov 26 15:30:00 EST 2011


On 11/26/11 11:24 AM, Farooq Razzaque wrote:
> 
> 
> Dear All,
>  
> I have the requirement to resolve the FQDN of the URL published in web VPN in ASA.
>  
> When remote users connect to web vpn then they access one URL (https://fully qualified domain name:7004/console-selfservice)  which is published in Web VPN and which is accessible through FQDN. So how I can resolve the FQDN against.
>  
> Can we do this on the ASA? Or can we configure Web VPN so that when remote users connect to the VPN they can get a DNS server IP to resolve the FQDN?

Does the FQDN point to the same IP for all users?  Is the base domain a
standard registered name?  If yes to both, you can just publish it in
your regular DNS A records and any resolver worldwide should be able to
find it recursively.

If it points to different IPs then what mechanism determines this?  If a
private domain name like [whatever].local, consider also creating a
public one.

There's nothing preventing you from publishing a public A record that
resolves to private RFC1918 space.  It won't be useful to those who
aren't connected to your private network but that shouldn't matter.

You can also have two variants such as host.example.net -> public IP and
host.vpn.example.net -> private IP.

Or if the ASA is assigning DHCP to the remote users it can direct them
to a specific name server that has the appropriate zone file.

I'm not 100% clear on exactly what the problem is that you are trying to
solve.  If it's more complex than this, please provide more detail.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
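
An added example, not part of the original message: a short Python check that reads a zone fragment and reports which A records point into RFC1918 space, i.e. which published names will only work for users connected to the private network. The zone contents, names and addresses are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# RFC 1918 blocks, listed explicitly: ipaddress' is_private flag also covers
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone fragment (names and addresses are illustrative).
SAMPLE_ZONE = """\
$ORIGIN example.net.
$TTL 3600
host        IN A 203.0.113.10   ; public variant
host.vpn    IN A 10.20.30.40    ; private variant, VPN users only
console 300 IN A 192.168.7.4
www         IN CNAME host
mail.example.net. IN A 198.51.100.25
"""

def classify_a_records(zone_text):
    """Return {fqdn: (address, 'rfc1918' | 'public')} for each A record."""
    origin, result = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".")
            continue
        upper = [f.upper() for f in fields]
        if fields[0].startswith("$") or "A" not in upper[1:]:
            continue                            # other directives and record types
        # TTL and class are optional, so locate the type token after the owner.
        addr = ipaddress.ip_address(fields[upper.index("A", 1) + 1])
        owner = fields[0]
        if owner.endswith("."):
            fqdn = owner.rstrip(".")            # already absolute
        else:
            fqdn = origin if owner == "@" else f"{owner}.{origin}"
        kind = "rfc1918" if any(addr in n for n in RFC1918) else "public"
        result[fqdn] = (str(addr), kind)
    return result

def vpn_only_names(zone_text):
    """Names that resolve publicly but are reachable only from the private side."""
    records = classify_a_records(zone_text)
    return sorted(n for n, (_, kind) in records.items() if kind == "rfc1918")

if __name__ == "__main__":
    for name in vpn_only_names(SAMPLE_ZONE):
        print(name, "->", classify_a_records(SAMPLE_ZONE)[name][0])
```

Running the same check over the real zone before publishing it also shows exactly which internal addresses would become visible to any resolver.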

