VPN Client Changes Resolved Address

A few users have reported that their VPN Client changes the pre-configured address from X.X.X.X to X-X-X-X.provider.net. For example - from 1.1.1.1 to 1-1-1-1.provider.net, Does anyone have any idea why would that hapen?
StrinalenaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

edster9999Commented:
Explain a little more.

Do you mean it changes their internet address.
So when they connect up, they get the IP 10.20.30.40 and this then shows up later as 10-20-30-40.provider.net ?
Or do you mean it changes addresses they are using - so they go to a web address of 10.20.30.40....and that changes ?

If it is there address that changes - is it their real public IP (on their home network) like 192.168.x.x that gets changed or the one they get from your VPN

...or... something totally different ?
0
giltjrCommented:
1-1-1-1.provider.net is not an IP address, that could be a host name, but IP addresses are numbers.
0
StrinalenaAuthor Commented:
Hi,

Thanks for the replies. The issue is on the actual VPN client - When the users opens the Cisco Any Connect client - instead of them getting the normal 1.1.1.1 address in the "Connect To" Field, they get 1-1-1-1.provider.net. So the address of the Firewall to terminate the connection changes for some reason.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

giltjrCommented:
Still confused.  IP Addresses can not have letters in them.

Is the 1.1.1.1 your public IP address?

If they click on connect, does it work?
0
StrinalenaAuthor Commented:
No - the Public ip is 87.224.XXX.XXX but when the users open the VPN client (You know - when you just double-click it) - instead of it showing the above ip address - it shows 87-224-XXX-XXX.name of the provider.net. The user has been able to use the client before but for some reason - at some point it gets changed and the user starts calling the helpdesk as there is no connection via the new strange address in the VPN client. It is not happenning regularly but there have been a few cases. Does this make any sense?
0
giltjrCommented:
It looks like something is doing a reverse lookup on the IP address of your VPN server and replacing the actual address with the name that is on the PTR record for the address.

It appears that if you have a ASA cluster setup with a specific redirection option, that can happen.

So:

Do you have a ASA cluster?

Do you have the option "redirect-fqdn enable" on your ASA cluster?

Look at the page below and search on "Enabling Redirection"


http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_params.html
0
StrinalenaAuthor Commented:
No ASA Cluster. The only comand on the device i find strange is the sysopt norpoxyarp inside. REally strange ans do not think that the issue is with the ASA but looks to me to be with the user's laptops.
So their machines are using their ISP's DNS servers and for some reason, you are saying that they are performing reverse DNS instead of forward one.
0
giltjrCommented:
Yes, something is deciding to do a reverse look-up and fill in the server field with the host name that is returned.

It can't do a forward lookup.  Forward look-ups take a name and see what IP address that maps to.  Reverse look-ups take an IP address and find out what name it is mapped to.

Since you know the public IP address, you can issue the command:

     nslookup x.x.x.x

Where x.x.x.x is the  IP address of the VPN server and see what is returned.  You will want to try this from inside your network and from the Internet.  

It's really not that big of a deal.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StrinalenaAuthor Commented:
I know - just annoying and it is not even our Firewall :-) Thanks for the replies
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.