
Duplicate VPN IPs in DNS

Hi All,

We have our firewall setup to assign VPN IPs in the range 10.140.98.0/24. I have noticed duplicate entries in DNS for those IPs - for example, I will see two hostnames with the IP of 10.140.98.2.

Is there a best practice for avoiding this behavior? TIA



  • FormerMember
    0 FormerMember

    Hi  

    Could you please share some more detail of your current setup for VPN? Is that IP range 10.140.98.0/24 configured for SSL Remote access VPN? 

    Do you have any local interface on the firewall configured with the same network as the VPN?

    Thanks,

  • That IP range is configured for SSL VPN. There is a local interface listed in "hostname override" in VPN Settings, but there isn't a local interface on the 10.140.98.0/24 subnet.

  • Just wanted to provide some follow up...

    The issue I have described occurs because the option "Register this connection's addresses in DNS" (Network Connections -> Sophos SSL VPN Adapter Properties -> TCP/IPv4 Properties -> Advanced -> DNS) is enabled by default, so the VPN adapter attempts to register itself with the domain's DNS servers when an IP is assigned by the XG.

    When the VPN connection stops, there are no scripts/commands run by the Sophos client VPN application to remove the DNS entries, so they stay until scavenged on the DNS server. 

    We have scavenging set to 1 hour, but this is still too slow for VPN connections at times; the best workarounds I have been able to find so far are to either:

    - uncheck "Register this connection's addresses in DNS" in the VPN adapter so the client never registers in DNS
    - use third-party software like Synergix's AD Client Extensions to perform the DNS cleanup for Sophos

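The first workaround above can be applied and verified from PowerShell, and the stale records it prevents can be found on the DNS server side. This is an added example, not from the thread or from Sophos; it assumes the adapter's Windows name starts with "Sophos SSL VPN", that the DnsServer module (RSAT) is available where `Find-DuplicateVpnRecords` runs, and uses a placeholder zone name.

```powershell
# Added example (not from the thread). Assumes the adapter's Windows name
# starts with "Sophos SSL VPN" and that the DnsServer module (RSAT) is
# available where Find-DuplicateVpnRecords runs; the zone is a placeholder.

# --- Client side: stop the VPN adapter from registering itself in AD DNS ---
function Disable-VpnDnsRegistration {
    param([string]$AdapterPattern = 'Sophos SSL VPN*')

    # Get-DnsClient exposes the same flag as the adapter's
    # "Register this connection's addresses in DNS" checkbox.
    $clients = Get-DnsClient | Where-Object { $_.InterfaceAlias -like $AdapterPattern }
    foreach ($c in $clients) {
        if ($c.RegisterThisConnectionsAddress) {
            Set-DnsClient -InterfaceIndex $c.InterfaceIndex -RegisterThisConnectionsAddress $false
            Write-Host "Disabled DNS registration on '$($c.InterfaceAlias)'"
        }
    }
    # Return the resulting state so a deployment script can verify it
    Get-DnsClient | Where-Object { $_.InterfaceAlias -like $AdapterPattern } |
        Select-Object InterfaceAlias, RegisterThisConnectionsAddress
}

# --- Server side: find VPN-pool IPs that resolve to more than one host ---
function Find-DuplicateVpnRecords {
    param(
        [string]$ZoneName   = 'corp.example.invalid',   # placeholder zone name
        [string]$PoolPrefix = '10.140.98.'              # the /24 from the thread
    )
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
        Where-Object { $_.RecordData.IPv4Address.IPAddressToString -like "$PoolPrefix*" } |
        Group-Object -Property { $_.RecordData.IPv4Address.IPAddressToString } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                IPAddress = $_.Name
                Hosts     = ($_.Group.HostName -join ', ')
                # Oldest dynamic timestamp points at the stale record;
                # a null timestamp means the record is static.
                Oldest    = ($_.Group.Timestamp | Sort-Object | Select-Object -First 1)
            }
        }
}
```

Run `Disable-VpnDnsRegistration` on the client (elevated) and `Find-DuplicateVpnRecords -ZoneName <your zone>` on a DNS server or RSAT host; the second function only reports, it does not delete records.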

  • FormerMember
    0 FormerMember in reply to tripleview

    Hi  

    Thank you for following up to share your observations. The workarounds you have described are the current options available, but I will share your feedback to our team for their consideration.

    Thanks,