Avatar of Inbox360
Inbox360

asked on 

Problems accessing mapped drive over Cisco ASA vpn connection

Our problem is that i have a cisco asa 5505 setup for ipsec vpn with our workers who have laptops.  when i moved them to active directory i put a Z: mapped drive on by a logon script with gpo.  when they are local they can access it fine but when they are out of the office accessing our vpn connection through a verizon broadband card or wireless somewhere, sometimes they cannot access the z: drive.  I have it setup as \\name of server\share.  It brings up "an error occurred while connecting to Z: ..."  So then i told them to map a drive with the \\ip address\share and then it works.  I have DNS setup and WINS.  Everything is the same subnet though.  192.168.1.0/24  i was reading about this. is this the problem? .50to.200 are normal dhcp.  .201 to 254 is for vpn dhcp.  .2 to 49 are for static.  any insight would be great?
CiscoNetworking ProtocolsDNS

Avatar of undefined
Last Comment
Inbox360
Avatar of Jan Bacher
Jan Bacher
Flag of United States of America image

Are the VPN clients receiving the IP address of the internal DNS server?
Avatar of Inbox360
Inbox360

ASKER

yes in the internal group policy that they get. i call it ustw.  under general i have the dns and wins ip in there with inherit unchecked.  they are both the same server so they are both the same ip.  
Most of the people that connect to vpn can access the server thru there mapped drive with the name.  every now and then a certain user has a problem and they use the ip address to map the drive and it works? i cant figure it out? thanks
You have to setup FQDN for the server eg. \\servername.company.com\share
It should solved your problem.
BTW please try to ping your server netbios name via VPN.
ASKER CERTIFIED SOLUTION
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Inbox360
Inbox360

ASKER

don't know if im having a problem with wins? how would i know? it looks like its tombstoning records and most are active.
so if i map it to that, i assume it will use dns now? do i change the .bat file that i use "net use" to map my drives? right now it is this.
net use * /d
net use z: \\intenna-d....\intenna
i would change it to \\intenna-d....\intenna.local\intenna  ?
at my site, the dc is the only server. it also it a gc. thanks for any help.
NO, it should be FQDN for server, eg:
if your server netbios name is: intenna-dxxx than
net use z: \\intenna-dxxx.intenna.local\intenna


Avatar of Inbox360
Inbox360

ASKER

i guess what i have set is causing the problem? I am going to make this change.  Is this causing the problem you think or is it DNS or WINS? thanks
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

As adml was eluding to, it depends on the syntax of the UNC path you use to map to.

\\servername\\share uses netbios and WINS
\\Servernam.domain.name\share maps using the DNS address
\\x.x.x.x\share (where x.x.x.x is the IP address of the computer you are trying to map to) maps by IP address.

There are simple tests you can perform to determing the ability to connect via DNS or IP address.

1) Ping x.x.x.x (will resolve a ping to the IP address)
2) Ping -a x.x.x.x (will resolve the Host name, also known as the DNS name)
3) NSlookup  servername  will allow you to see the DNS contact to the remote server. If your client machine doesn't have a cached DNS entry for the remote server, you will also see the query go to the local DNS server. This is a very handy tool.

I believe your problem is a WINS problem. You may have tombstoned records in WINS. This is why mapping the netbios UNC path is not working.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Avatar of Inbox360
Inbox360

ASKER

where exactly is "group-policy [name] attributes" (ASA configuration)? i looked through asdm and cant find it but i did find under properties under dns server groups was default.domain.invalid so i changed it to intenna.local.  i think that is it and i enabled dns lookup on the inside.  In group policy i have my users default to a group policy that gives them the ip of our dns so i think this should work.

As for wins, what would i not have setup correct? the intervals are defaults so doesn't that clear out the tombstoned records after 24 hours? just asking. i thought i knew how to set it up? there are no replication partners.  Thanks. any help would be great.
group policy setup: general>group policy>edit "group policy".
There you can find group policy settings such as: dns, wins, etc..
Avatar of Inbox360
Inbox360

ASKER

ok under dns and wins i put in the private ip address of the dns and wins. is that ok?
DNS
DNS

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

29K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo