I'm working on a new project at a client site where the VPN clients are causing name resolution conflicts in Active Directory DNS. Here are some details:
1. The organization has servers and workstations that are configured to use IP addresses such as 192.168.1.x and 192.168.2.x. (Obviously not a good choice of IP addressing, but I am stuck with the current IP scheme.)
2. When VPN clients connect from home, two IP addresses get registered: their local NIC (usually 192.168.1.x) and the VPN address 10.x.x.x.
The problem this creates is that DNS ends up with duplicate entries, because a home user's local network card is assigned an address like 192.168.1.x, and the same address is used at the customer site for servers and workstations. So in essence you end up with DNS entries such as 192.168.1.10 = homeuserspc as well as 192.168.1.10 = server01.
Is there any way to block the VPN concentrator from passing through DNS registration from VPN users? Not sure if access lists can do this, as the VPN concentrator is a Cisco 2851. I can't have the VPN users configure their network settings to not register with DNS either, because the laptops are also used on site and need to register with DNS when at the office.
Any suggestions on how to prevent DNS registration from happening on VPN clients? Thanks.