05-24-2011 01:45 PM
I am working with an ASA 5505. I have configured a Remote Access IPsec Connection profile. This profile is configured to give clients a virtual ip address via DHCP as shown in this configuration example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml
When the DHCP request is sent from the ASA to the DHCP server, the hostname in the request is set to the name of the IPsec connection profile and a number. Is it possible to have the hostname set to the hostname of the client that initiated the connection?
Does the ASA support receiving a hostname as part of a IKE Mode Config Request?
Thank you,
Mark
Solved! Go to Solution.
05-26-2011 11:29 PM
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for IPV4 address!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for IPV4 net mask!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for DNS server address!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for WINS server address!
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Received unsupported transaction mode attribute: 5
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Banner!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Save PW setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Default Domain Name!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Split Tunnel List!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Split DNS!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for PFS setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Client Browser Proxy Setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for backup ip-sec peer list!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Application Version!
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Client Type: WinNT Client Application Version: 5.0.05.0290
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for FWTYPE!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for DHCP hostname for DDNS is: PD1-STATIC-WXP!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Obtained IP addr (192.168.1.4) prior to initiating Mode Cfg (XAuth enabled)
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Sending subnet mask (255.255.255.0) to remote client
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Assigned private IP address 192.168.1.4 to remote user
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, constructing blank hash payload
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Send Client Browser Proxy Attributes!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg reply
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Send Cisco Smartcard Removal Disconnect enable!!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, constructing qm hash payload
Aug 11 07:06:27 [IKEv1]: IP = 20.20.20.1, IKE_DECODE SENDING Message (msgid=fa774da7) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 206
Check above. The Tunnel-Group and the hostname. Also make sure that you have 'Register this connection in the DNS' setting checked under VA Advanced properties. This is by default in Cisco VPN client. If StrongSwan has a VA then it has to follow the rules in Windows API, this setting should be there if it has a VA, in case it is a miniport driver (shim) kind of setup, it may not have a VA.
Here is the packet:
Frame 9 (590 bytes on wire, 590 bytes captured)
Ethernet II, Src: Cisco_d7:74:dd (00:25:45:d7:74:dd), Dst: Vmware_ad:75:1b (00:50:56:ad:75:1b)
Internet Protocol, Src: 11.12.12.5 (11.12.12.5), Dst: 11.12.12.25 (11.12.12.25)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x011b5678
Seconds elapsed: 7
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 11.12.12.5 (11.12.12.5)
Client MAC address: Cisco_d7:74:dd (00:25:45:d7:74:dd)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (53) DHCP Message Type
Length: 1
Value: 01
Option: (t=57,l=2) Maximum DHCP Message Size = 1152
Option: (57) Maximum DHCP Message Size
Length: 2
Value: 0480
Option: (t=61,l=45) Client identifier
Option: (61) Client identifier
Length: 45
Value: 00636973636F2D303032352E343564372E373464642D5044...
Option: (t=12,l=15) Host Name = "PD1-STATIC-WXP"
Option: (12) Host Name
Length: 15
Value: 5044312D5354415449432D57585000
Option: (t=55,l=6) Parameter Request List
Option: (55) Parameter Request List
Length: 6
Value: 01060F2C0321
1 = Subnet Mask
6 = Domain Name Server
15 = Domain Name
44 = NetBIOS over TCP/IP Name Server
3 = Router
33 = Static Route
End Option
Padding
The only thing left untried is the "Register this connection in the DNS" thingy which you can find in the Advanced properties of the VA.
05-25-2011 03:02 AM
VPN Client send its hostname to the ASA while negotiating, always. Try to add 'dhcp-client update dns' in the global configuration mode on the ASA and see if that helps. You may run into CSCsz07892.
However, I have not experienced an easy life when the client updates the DDNS records on the DNS server based on BootP. What happens generaly is when the client disconnects abnormally and connects again leaving duplicate entries in the DNS server. The DNS server needs to be scavanged periodically.
Your milage may vary.
-Vikas
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d2.html#wp1975821
05-25-2011 01:08 PM
Thank you for the suggestions. I tried enabling 'dhcp-client update dns' and 'dhcp-client client-id interface outside' as those seem to be what I need according to the documentation at:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d2.html#wp1975821
However the DHCP Discover packets from the ASA still have a generated ASCII string for option 61 instead of the MAC address. I am using version 8.2.1, and tried looking through the open caveats for a reference to CSCsz07892 but could not find anything. Any ideas on why the MAC address is not included in the DHCP discover?
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
Does the behavior of the ASA depend on the client software that is connecting to it? I am using strongswan as a client.
Thank you,
Mark
05-25-2011 05:03 PM
More information that would be helpful is: What information does the ASA use to make a DHCP Discover packet when the ASA is used as a DHCP proxy for VPN clients?
I am specifically interested in option 12, the hostname.
I would like to have the hostname set to the hostname of the client that is initiating the VPN connection, but I am seeing the hostname field populated with the name of the IPsec connection profile and a number.
Thanks,
Mark
05-25-2011 11:31 PM
check this packet, which is captured when my Cisco IPSEC vpn client requested an IP address:
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x03c641f0
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 11.12.12.5 (11.12.12.5)
Client MAC address: Cisco_4e:31:60 (00:07:0e:4e:31:60)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (53) DHCP Message Type
Length: 1
Value: 01
Option: (t=57,l=2) Maximum DHCP Message Size = 1152
Option: (57) Maximum DHCP Message Size
Length: 2
Value: 0480
Option: (t=61,l=46) Client identifier
Option: (61) Client identifier
Length: 46
Value: 00636973636f2d303030372e306534652e333136302d6a65...
Option: (t=12,l=16) Host Name = "PD1-WXP"
Option: (12) Host Name
Length: 16
Value: 6a656673636875742d6c6162626f7800
Option: (t=55,l=6) Parameter Request List
Option: (55) Parameter Request List
Length: 6
Value: 01060f2c0321
1 = Subnet Mask
6 = Domain Name Server
15 = Domain Name
44 = NetBIOS over TCP/IP Name Server
3 = Router
33 = Static Route
Option: (t=81,l=19) Client Fully Qualified Domain Name
Option: (81) Client Fully Qualified Domain Name
Length: 19
Value: 0500000f6a656673636875742d6c6162626f78
Flags: 0x05
0000 .... = Reserved flags: 0x00
.... 0... = Server DDNS: Some server updates
.... .1.. = Encoding: Binary encoding
.... ..0. = Server overrides: No override
.... ...1 = Server: Server
A-RR result: 0
PTR-RR result: 0
Client name: PD1-WXP
End Option
Padding
check
option: (t=12,l=16) Host Name = "PD1-WXP"
Option: (12) Host Name
Length: 16
Value: 6a656673636875742d6c6162626f7800
Also check the last '00' in the Value field, the defect is for that. It is cosmetic and does not interefer with the functioning.
This is Cisco VPN client. When the client is connecting check the debugs 'debug cry isa 127' you should see the hostname, in case you do not see the hostname than it is the strongswan client which is not picking that up.
05-26-2011 12:30 PM
Thank you for the example packet. I have attached the DHCP Discover packet sent from my Cisco ASA when a VPN client requests an address.
Internet Protocol, Src: 192.168.8.7 (192.168.8.7), Dst: 192.168.8.3 (192.168.8.3)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x088564be
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 192.168.8.7 (192.168.8.7)
Client MAC address: Cisco_75:ca:17 (00:21:55:75:ca:17)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (53) DHCP Message Type
Length: 1
Value: 01
Option: (t=57,l=2) Maximum DHCP Message Size = 1152
Option: (57) Maximum DHCP Message Size
Length: 2
Value: 0480
Option: (t=61,l=32) Client identifier
Option: (61) Client identifier
Length: 32
Value: 00636973636F2D303032312E353537352E636131372D3438...
Option: (t=12,l=11) Host Name = "MY_VPN-48"
Option: (12) Host Name
Length: 11
Value: 5456455F56504E2D343800
Option: (t=55,l=6) Parameter Request List
Option: (55) Parameter Request List
Length: 6
Value: 01060F2C0321
1 = Subnet Mask
6 = Domain Name Server
15 = Domain Name
44 = NetBIOS over TCP/IP Name Server
3 = Router
33 = Static Route
Option: (t=81,l=14) Client Fully Qualified Domain Name
Option: (81) Client Fully Qualified Domain Name
Length: 14
Value: 0400000A5456455F56504E2D3438
Flags: 0x04
0000 .... = Reserved flags: 0x00
.... 0... = Server DDNS: Some server updates
.... .1.. = Encoding: Binary encoding
.... ..0. = Server overrides: No override
.... ...0 = Server: Client
A-RR result: 0
PTR-RR result: 0
Client name: 0A5456455F56504E2D3438
End Option
Padding
In option 12:
Option: (t=12,l=11) Host Name = "MY_VPN-48"
Option: (12) Host Name
Length: 11
Value: 5456455F56504E2D343800
MY_VPN is the name of the IPsec connection profile on the ASA, and I would like it to have the hostname of the client requesting the address.
Would it be possible to show me an example of where the hostname should be in the 'debug cry isa 127' output? My output from this command is attached in the file debug_cry.txt
05-25-2011 11:13 PM
'dhcp-client client-id interface outside'. This command is used when the ASA itself is a DHCP client .i.e ASA outside interface has 'ip address dhcp' configured. It is unrelated to VPN client dhcp-client update dns command.
Cisco IPSEC VPN client does not use option 61 and there is no way you can push a MAC address from the Cisco VPN Client. Cisco VPN Client does not use any MAC address. The MAC address which is there on the VA will be same for that version of the VPN Client in all the installations across globe (MAC address has only local significance).
>>Does the behavior of the ASA depend on the client software that is connecting to it? I am using strongswan as a client.
I have a reason to believe that the above statement is true. Cisco IPSEC vpn client sends Vendor specific attributes in mode config, as far as functioning of the IKE protocol is concern, it does not change, however since those attributes are missing then the behavior independet to the IKE protocol will change.
05-26-2011 05:16 PM
visaxena wrote:
>>Does the behavior of the ASA depend on the client software that is connecting to it? I am using strongswan as a client.
I have a reason to believe that the above statement is true. Cisco IPSEC vpn client sends Vendor specific attributes in mode config, as far as functioning of the IKE protocol is concern, it does not change, however since those attributes are missing then the behavior independet to the IKE protocol will change.
Would it be possible to imitate the Vendor specific attributes, so that another client could send the hostname in the format the ASA expects to receive it in?
05-26-2011 11:29 PM
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for IPV4 address!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for IPV4 net mask!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for DNS server address!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for WINS server address!
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Received unsupported transaction mode attribute: 5
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Banner!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Save PW setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Default Domain Name!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Split Tunnel List!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Split DNS!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for PFS setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Client Browser Proxy Setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for backup ip-sec peer list!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for Application Version!
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Client Type: WinNT Client Application Version: 5.0.05.0290
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for FWTYPE!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, MODE_CFG: Received request for DHCP hostname for DDNS is: PD1-STATIC-WXP!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Obtained IP addr (192.168.1.4) prior to initiating Mode Cfg (XAuth enabled)
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Sending subnet mask (255.255.255.0) to remote client
Aug 11 07:06:27 [IKEv1]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Assigned private IP address 192.168.1.4 to remote user
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, constructing blank hash payload
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Send Client Browser Proxy Attributes!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg reply
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, Send Cisco Smartcard Removal Disconnect enable!!
Aug 11 07:06:27 [IKEv1 DEBUG]: Group = IPSEC-Test, Username = cisco, IP = 20.20.20.1, constructing qm hash payload
Aug 11 07:06:27 [IKEv1]: IP = 20.20.20.1, IKE_DECODE SENDING Message (msgid=fa774da7) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 206
Check above. The Tunnel-Group and the hostname. Also make sure that you have 'Register this connection in the DNS' setting checked under VA Advanced properties. This is by default in Cisco VPN client. If StrongSwan has a VA then it has to follow the rules in Windows API, this setting should be there if it has a VA, in case it is a miniport driver (shim) kind of setup, it may not have a VA.
Here is the packet:
Frame 9 (590 bytes on wire, 590 bytes captured)
Ethernet II, Src: Cisco_d7:74:dd (00:25:45:d7:74:dd), Dst: Vmware_ad:75:1b (00:50:56:ad:75:1b)
Internet Protocol, Src: 11.12.12.5 (11.12.12.5), Dst: 11.12.12.25 (11.12.12.25)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x011b5678
Seconds elapsed: 7
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 11.12.12.5 (11.12.12.5)
Client MAC address: Cisco_d7:74:dd (00:25:45:d7:74:dd)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (53) DHCP Message Type
Length: 1
Value: 01
Option: (t=57,l=2) Maximum DHCP Message Size = 1152
Option: (57) Maximum DHCP Message Size
Length: 2
Value: 0480
Option: (t=61,l=45) Client identifier
Option: (61) Client identifier
Length: 45
Value: 00636973636F2D303032352E343564372E373464642D5044...
Option: (t=12,l=15) Host Name = "PD1-STATIC-WXP"
Option: (12) Host Name
Length: 15
Value: 5044312D5354415449432D57585000
Option: (t=55,l=6) Parameter Request List
Option: (55) Parameter Request List
Length: 6
Value: 01060F2C0321
1 = Subnet Mask
6 = Domain Name Server
15 = Domain Name
44 = NetBIOS over TCP/IP Name Server
3 = Router
33 = Static Route
End Option
Padding
The only thing left untried is the "Register this connection in the DNS" thingy which you can find in the Advanced properties of the VA.
06-16-2011 08:02 AM
During the Modeconfig exchange a packet needs to be sent with the attribute UNITY_DDNS_HOSTNAME, and a value of the hostname.
I am now however running into CSCsz07892. The hostname is registered in the DHCP server with ip address it is associated with, but the hostname has an invalid character at the front of its name which is represented by a Box.
When the DHCP attempts to update the DNS server with the hostname, the DNS server rejects the update because of the invalid character.
Is there a fix or workaround for CSCsz07892?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide