DHCP with VPN

mdmarwil1
Level 1

I am working with an ASA 5505.  I have configured a Remote Access IPsec Connection profile.  This profile is configured to give clients a virtual ip address via DHCP as shown in this configuration example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml

When the DHCP request is sent from the ASA to the DHCP server, the hostname in the request is set to the name of the IPsec connection profile and a number.  Is it possible to have the hostname set to the hostname of the client that initiated the connection?

Does the ASA support receiving a hostname as part of an IKE Mode Config Request?

Thank you,

Mark

Accepted Solution

Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for IPV4 address!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for IPV4 net mask!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for DNS server address!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for WINS server address!
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Received unsupported transaction mode attribute: 5
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Banner!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Save PW setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Default Domain Name!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Split Tunnel List!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Split DNS!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for PFS setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Client Browser Proxy Setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for backup ip-sec peer list!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Application Version!
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Client Type: WinNT  Client Application Version: 5.0.05.0290
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for FWTYPE!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for DHCP hostname for DDNS is: PD1-STATIC-WXP!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Obtained IP addr (192.168.1.4) prior to initiating Mode Cfg (XAuth enabled)
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Sending subnet mask (255.255.255.0) to remote client
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Assigned private IP address 192.168.1.4 to remote user
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, constructing blank hash payload
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Send Client Browser Proxy Attributes!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg reply
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Send Cisco Smartcard Removal Disconnect enable!!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, constructing qm hash payload
Aug 11 07:06:27 [IKEv1]: IP = 20.20.20.1, IKE_DECODE SENDING Message (msgid=fa774da7) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 206

Check above: the Tunnel-Group and the hostname. Also make sure that you have the 'Register this connection in the DNS' setting checked under the VA Advanced properties. This is the default in the Cisco VPN client. If StrongSwan has a VA then it has to follow the rules in the Windows API; this setting should be there if it has a VA. In case it is a miniport driver (shim) kind of setup, it may not have a VA.

Here is the packet:

Frame 9 (590 bytes on wire, 590 bytes captured)
Ethernet II, Src: Cisco_d7:74:dd (00:25:45:d7:74:dd), Dst: Vmware_ad:75:1b (00:50:56:ad:75:1b)
Internet Protocol, Src: 11.12.12.5 (11.12.12.5), Dst: 11.12.12.25 (11.12.12.25)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x011b5678
    Seconds elapsed: 7
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 11.12.12.5 (11.12.12.5)
    Client MAC address: Cisco_d7:74:dd (00:25:45:d7:74:dd)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
    Option: (t=57,l=2) Maximum DHCP Message Size = 1152
        Option: (57) Maximum DHCP Message Size
        Length: 2
        Value: 0480
    Option: (t=61,l=45) Client identifier
        Option: (61) Client identifier
        Length: 45
        Value: 00636973636F2D303032352E343564372E373464642D5044...
    Option: (t=12,l=15) Host Name = "PD1-STATIC-WXP"
        Option: (12) Host Name
        Length: 15
        Value: 5044312D5354415449432D57585000
    Option: (t=55,l=6) Parameter Request List
        Option: (55) Parameter Request List
        Length: 6
        Value: 01060F2C0321
        1 = Subnet Mask
        6 = Domain Name Server
        15 = Domain Name
        44 = NetBIOS over TCP/IP Name Server
        3 = Router
        33 = Static Route
    End Option
    Padding

The only thing left untried is the "Register this connection in the DNS" thingy which you can find in the Advanced properties of the VA.

9 Replies

Vikas Saxena
Cisco Employee

The VPN Client sends its hostname to the ASA while negotiating, always. Try to add 'dhcp-client update dns' in the global configuration mode on the ASA and see if that helps. You may run into CSCsz07892.

However, I have not experienced an easy life when the client updates the DDNS records on the DNS server based on BootP. What generally happens is that the client disconnects abnormally and connects again, leaving duplicate entries in the DNS server. The DNS server needs to be scavenged periodically.

Your mileage may vary.

-Vikas

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d2.html#wp1975821

Thank you for the suggestions. I tried enabling 'dhcp-client update dns' and 'dhcp-client client-id interface outside' as those seem to be what I need according to the documentation at:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d2.html#wp1975821

However the DHCP Discover packets from the ASA still have a generated ASCII string for option 61 instead of the MAC address.  I am using version 8.2.1, and tried looking through the open caveats for a reference to  CSCsz07892 but could not find anything.  Any ideas on why the MAC address is not included in the DHCP discover?

      http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html

Does the behavior of the ASA depend on the client software that is connecting to it? I am using strongswan as a client.

Thank you,

Mark

More information that would be helpful is:  What information does the ASA use to make a DHCP Discover packet when the ASA is used as a DHCP proxy for VPN clients?

I am specifically interested in option 12, the hostname.

I would like to have the hostname set to the hostname of the client that is initiating the VPN connection, but I am seeing the hostname field populated with the name of the IPsec connection profile and a number.

Thanks,

Mark

Check this packet, which was captured when my Cisco IPSEC VPN client requested an IP address:

User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x03c641f0
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 11.12.12.5 (11.12.12.5)
    Client MAC address: Cisco_4e:31:60 (00:07:0e:4e:31:60)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
    Option: (t=57,l=2) Maximum DHCP Message Size = 1152
        Option: (57) Maximum DHCP Message Size
        Length: 2
        Value: 0480
    Option: (t=61,l=46) Client identifier
        Option: (61) Client identifier
        Length: 46
        Value: 00636973636f2d303030372e306534652e333136302d6a65...
    Option: (t=12,l=16) Host Name = "PD1-WXP"
        Option: (12) Host Name
        Length: 16
        Value: 6a656673636875742d6c6162626f7800
    Option: (t=55,l=6) Parameter Request List
        Option: (55) Parameter Request List
        Length: 6
        Value: 01060f2c0321
        1 = Subnet Mask
        6 = Domain Name Server
        15 = Domain Name
        44 = NetBIOS over TCP/IP Name Server
        3 = Router
        33 = Static Route
    Option: (t=81,l=19) Client Fully Qualified Domain Name
        Option: (81) Client Fully Qualified Domain Name
        Length: 19
        Value: 0500000f6a656673636875742d6c6162626f78
        Flags: 0x05
        0000 .... = Reserved flags: 0x00
        .... 0... = Server DDNS: Some server updates
        .... .1.. = Encoding: Binary encoding
        .... ..0. = Server overrides: No override
        .... ...1 = Server: Server
        A-RR result: 0
        PTR-RR result: 0
       Client name: PD1-WXP
    End Option
    Padding

check

option: (t=12,l=16) Host Name = "PD1-WXP"
        Option: (12) Host Name
        Length: 16
        Value: 6a656673636875742d6c6162626f7800

Also check the last '00' in the Value field; the defect is for that. It is cosmetic and does not interfere with the functioning.

This is the Cisco VPN client. When the client is connecting, check the debugs 'debug cry isa 127'; you should see the hostname. In case you do not see the hostname, then it is the strongswan client which is not picking that up.

Thank you for the example packet.  I have attached the DHCP Discover packet sent from my Cisco ASA when a VPN client requests an address.

Internet Protocol, Src: 192.168.8.7 (192.168.8.7), Dst: 192.168.8.3 (192.168.8.3)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x088564be
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 192.168.8.7 (192.168.8.7)
    Client MAC address: Cisco_75:ca:17 (00:21:55:75:ca:17)
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
    Option: (t=57,l=2) Maximum DHCP Message Size = 1152
        Option: (57) Maximum DHCP Message Size
        Length: 2
        Value: 0480
    Option: (t=61,l=32) Client identifier
        Option: (61) Client identifier
        Length: 32
        Value: 00636973636F2D303032312E353537352E636131372D3438...
    Option: (t=12,l=11) Host Name = "MY_VPN-48"
        Option: (12) Host Name
        Length: 11
        Value: 5456455F56504E2D343800
    Option: (t=55,l=6) Parameter Request List
        Option: (55) Parameter Request List
        Length: 6
        Value: 01060F2C0321
        1 = Subnet Mask
        6 = Domain Name Server
        15 = Domain Name
        44 = NetBIOS over TCP/IP Name Server
        3 = Router
        33 = Static Route
    Option: (t=81,l=14) Client Fully Qualified Domain Name
        Option: (81) Client Fully Qualified Domain Name
        Length: 14
        Value: 0400000A5456455F56504E2D3438
        Flags: 0x04
        0000 .... = Reserved flags: 0x00
        .... 0... = Server DDNS: Some server updates
        .... .1.. = Encoding: Binary encoding
        .... ..0. = Server overrides: No override
        .... ...0 = Server: Client
        A-RR result: 0
        PTR-RR result: 0
        Client name: 0A5456455F56504E2D3438
    End Option
    Padding

In option 12:

    Option: (t=12,l=11) Host Name = "MY_VPN-48"
        Option: (12) Host Name
        Length: 11
        Value: 5456455F56504E2D343800

MY_VPN is the name of the IPsec connection profile on the ASA, and I would like it to have the hostname of the client requesting the address.

Would it be possible to show me an example of where the hostname should be in the 'debug cry isa 127' output?  My output from this command is attached in the file debug_cry.txt

'dhcp-client client-id interface outside'. This command is used when the ASA itself is a DHCP client, i.e. the ASA outside interface has 'ip address dhcp' configured. It is unrelated to VPN client dhcp-client update dns command.

The Cisco IPSEC VPN client does not use option 61 and there is no way you can push a MAC address from the Cisco VPN Client. The Cisco VPN Client does not use any MAC address. The MAC address which is there on the VA will be the same for that version of the VPN Client in all the installations across the globe (the MAC address has only local significance).

>>Does the behavior of the ASA depend on the client software that is connecting to it? I am using strongswan as a client.

I have reason to believe that the above statement is true. The Cisco IPSEC VPN client sends vendor-specific attributes in mode config. As far as the functioning of the IKE protocol is concerned, it does not change; however, since those attributes are missing, the behavior independent of the IKE protocol will change.

visaxena wrote:

>>Does the behavior of the ASA depend on the client software that is connecting to it? I am using strongswan as a client.

I have reason to believe that the above statement is true. The Cisco IPSEC VPN client sends vendor-specific attributes in mode config. As far as the functioning of the IKE protocol is concerned, it does not change; however, since those attributes are missing, the behavior independent of the IKE protocol will change.

Would it be possible to imitate the Vendor specific attributes, so that another client could send the hostname in the format the ASA expects to receive it in?

During the Modeconfig exchange a packet needs to be sent with the attribute UNITY_DDNS_HOSTNAME, and a value of the hostname. 

I am now, however, running into CSCsz07892.  The hostname is registered in the DHCP server with the IP address it is associated with, but the hostname has an invalid character at the front of its name, which is represented by a box.

When the DHCP attempts to update the DNS server with the hostname, the DNS server rejects the update because of the invalid character. 

Is there a fix or workaround for CSCsz07892?
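
As an added example (not posted by anyone in this thread): a small Python check for the two name-carrying options discussed above, option 12 (Host Name) and option 81 (Client FQDN), that reports any byte a DNS update would not accept as part of a name. The option 53, 57, 12 and 55 bytes are copied from the DHCP Discover in the accepted solution, option 61 is left out because its value is truncated on the page, the option 81 value is constructed in the same layout as the one in the ASA capture, and all function names are hypothetical.

```python
# Added example: walk the DHCP options field and audit the hostname bytes.
PAD, END, HOST_NAME, CLIENT_FQDN = 0, 255, 12, 81

# Options from the accepted-solution capture (option 61 omitted: truncated on
# the page) plus a CONSTRUCTED option 81 laid out like the ASA capture's.
SAMPLE = bytes.fromhex(
    "350101"                                     # 53: DHCP Discover
    "39020480"                                   # 57: max message size 1152
    "0c0f5044312d5354415449432d57585000"         # 12: host name + trailing 00
    "370601060f2c0321"                           # 55: parameter request list
    "51120400000e5044312d5354415449432d575850"   # 81: constructed sample
    "ff"                                         # end option
)

def parse_options(blob):
    """Return {code: value} from code/length/value triplets (RFC 2132)."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: missing length byte")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        opts[code] = value
        i += 2 + length
    return opts

def name_problems(raw):
    """(offset, byte) for every byte that is not printable, non-space ASCII."""
    return [(off, b) for off, b in enumerate(raw) if not 0x21 <= b <= 0x7E]

def decode_fqdn(raw):
    """Option 81 (RFC 4702): flags, two rcode bytes, then the name."""
    if len(raw) < 3:
        raise ValueError("option 81: shorter than its fixed header")
    flags, data = raw[0], raw[3:]
    if not flags & 0x04:                 # E bit clear: name is plain ASCII
        return flags, data.decode("ascii", "replace")
    labels, i = [], 0                    # E bit set: length-prefixed labels
    while i < len(data) and data[i] != 0:
        n = data[i]
        label = data[i + 1:i + 1 + n]
        if len(label) != n:
            raise ValueError("option 81: label truncated")
        labels.append(label.decode("ascii", "replace"))
        i += 1 + n
    return flags, ".".join(labels)

def audit(blob):
    """Decode both names and list the bytes a text-only consumer would reject."""
    opts, report = parse_options(blob), {}
    if HOST_NAME in opts:
        raw = opts[HOST_NAME]
        report["host_name"] = raw.rstrip(b"\x00").decode("ascii", "replace")
        report["host_name_problems"] = name_problems(raw)
    if CLIENT_FQDN in opts:
        raw = opts[CLIENT_FQDN]
        report["fqdn"] = decode_fqdn(raw)[1]
        # What a consumer sees if it reads the binary-encoded name as text.
        report["fqdn_as_text_problems"] = name_problems(raw[3:])
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

On this sample the audit reports the NUL at the end of option 12 and, for option 81, the label length byte that sits in front of the name whenever the binary-encoded field is read as plain text.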