EzVPN on Router IOS - Dynamic DNS/DHCP

Unanswered Question
Aug 23rd, 2007

Does anybody know how to obtain the DNS server, WINS server and domain name entries for the Cisco VPN Dialer (software client) via dynamic DNS/DHCP (MODE_CFG_REPLY) during IPSec/VPN setup? The Cisco dialer connects to an EzVPN server based on router IOS. DNS/WINS/domain information is not provided to the Cisco dialer, although this information is given by the DHCP network server.

DEBUG from Cisco VPN Client:

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.236.195.130

121 08:45:36.508 08/24/07 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.128

122 08:45:36.508 08/24/07 Sev=Info/5 IKE/0xA3000017

MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-128) is not supported

123 08:45:36.508 08/24/07 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

124 08:45:36.508 08/24/07 Sev=Info/5 IKE/0xA3000015

MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data

125 08:45:36.508 08/24/07 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.4(11)T2, RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Mon 30-Apr-07 13:26 by prod_rel_team

When these parameters are configured on the router under the vpn group, it will work.

Debug from Cisco VPN Client:

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.236.195.130

31 08:38:05.740 08/24/07 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.128

32 08:38:05.740 08/24/07 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 10.65.57.153

33 08:38:05.740 08/24/07 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 10.65.57.41

34 08:38:05.740 08/24/07 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 10.64.197.34

35 08:38:05.750 08/24/07 Sev=Info/5 IKE/0x63000010

MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS) : , value = 10.64.197.33

36 08:38:05.750 08/24/07 Sev=Info/5 IKE/0xA3000017

MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (172016929) is not supported

37 08:38:05.750 08/24/07 Sev=Info/5 IKE/0x6300000D

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000

38 08:38:05.750 08/24/07 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = net.de

39 08:38:05.750 08/24/07 Sev=Info/5 IKE/0xA3000015

MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data

40 08:38:05.750 08/24/07 Sev=Info/5 IKE/0x6300000E

MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.4(11)T2, RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Mon 30-Apr-07 13:26 by prod_rel_team

amritpatek Thu, 08/30/2007 - 06:26
gadholwi1 Tue, 09/11/2007 - 00:27

Thanks for the answer. When the router provides the information to the client, it works well. I posted the logs above.

What I'm looking for is a way to use the information from the DHCP offer during client configuration.

With the 12.4(9)T IOS release the dhcp-server command was added to 'crypto isakmp client configuration group', but it was not possible to define the DHCP scope.

With 12.4(11)T the dhcp giaddr command was added, and now you are able to define the DHCP scope for the IPsec clients.

Nevertheless, as described above, not all information from the DHCP offer is used during the IPsec setup.

gadholwi1 Tue, 10/16/2007 - 23:45

Up to now this feature is not supported by Cisco IOS.

Cisco will update the documentation and also a feature request is opened.
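A small parser for the client log lines quoted in the question, added here as an example and not part of the original thread or any Cisco tool: it reports which of the DNS, WINS and default-domain attributes are absent from a MODE_CFG_REPLY. The function names and the EXPECTED list are assumptions made for the illustration; the log lines are copied from the two debug excerpts in the question.

```python
import re

# Attribute lines copied from the first debug log in the thread (values taken from DHCP).
LOG_DHCP = """\
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.236.195.130
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.255.128
MODE_CFG_REPLY: The received (INTERNAL_ADDRESS_EXPIRY) attribute and value (-128) is not supported
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data
"""
# Attribute lines copied from the second debug log (values configured under the VPN group).
LOG_GROUP = """\
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.236.195.130
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 10.65.57.153
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 10.65.57.41
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 10.64.197.34
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS) : , value = 10.64.197.33
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = net.de
MODE_CFG_REPLY: Received MODECFG_UNITY_SPLITDNS_NAME attribute with no data
"""

# Assumption: the name-resolution attributes the poster expects the server to push.
EXPECTED = ("INTERNAL_IPV4_DNS", "INTERNAL_IPV4_NBNS", "MODECFG_UNITY_DEFDOMAIN")

# "Attribute = NAME(n) optional note: , value = X"; the (n) index and note are dropped.
ATTR = re.compile(r"MODE_CFG_REPLY: Attribute = ([A-Z0-9_]+)(?:\(\d+\))?[^,]*, value = (.*)")
EMPTY = re.compile(r"MODE_CFG_REPLY: Received ([A-Z0-9_]+) attribute with no data")
UNSUPPORTED = re.compile(r"MODE_CFG_REPLY: The received \(([A-Z0-9_]+)\) attribute")

def parse_mode_cfg(log_text):
    """Return (received, ignored): values per attribute, and names with no usable value."""
    received, ignored = {}, set()
    for line in log_text.splitlines():
        if m := ATTR.search(line):
            received.setdefault(m.group(1), []).append(m.group(2).strip())
        elif m := (EMPTY.search(line) or UNSUPPORTED.search(line)):
            ignored.add(m.group(1))
    return received, ignored

def missing_name_resolution(log_text):
    """List the expected DNS/WINS/domain attributes absent from the reply."""
    received, _ = parse_mode_cfg(log_text)
    return [name for name in EXPECTED if name not in received]

if __name__ == "__main__":
    for label, log in (("DHCP-sourced", LOG_DHCP), ("group-configured", LOG_GROUP)):
        print(label, "missing:", missing_name_resolution(log) or "none")
```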
