Solved

My Cisco ASA won't allow clients to browse the internal network

Posted on 2008-10-30
12
199 Views
Last Modified: 2012-05-05
Hello, I have a Cisco ASA I'm trying to configure so remote clients can browse our internal network. I can make a connection to the network, but I can't see any machines on the network.  I've attached a copy of my ASA running config.
CiscoASA.txt
0
Comment
Question by:TimothyBoggess
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22848945
It's important to be aware of the fact that NETBios won't work over a VPN tunnel, because this is broadcasted traffic. As far as I know there is no "regular" way to browse a remote network.

Is your problem that your users can't browse the network, or can't the ping any devices at your LAN at all?
0
 

Author Comment

by:TimothyBoggess
ID: 22849555
Jay,
   I can ping only by IP address and no we can't browse the network.  However shouldn't DNS resolve the names to the addresses for browsing?  Regardless, if I can get the names resolved instead of simply relying on the IP address I think I would have a working solution.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 22849744
group-policy RemoteVPN attributes
dns-server value 192.168.1.59 <== give your VPN clients a dns server for mydomain.com
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22850049
Ah, I thought the actual browsing through 'network environment' was the problem Hence my question.

lrmoore's answer should provide you with the DNS you require.
0
 

Author Comment

by:TimothyBoggess
ID: 22850959
I put in the dns-server value in the group-policy RemoteVPN attributes and I can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22852704
Try putting it into the DefaultRAGroup policy, too...
0
 

Author Comment

by:TimothyBoggess
ID: 22854143
I tried putting the dns-server value in the DefaultRAGroup too, but can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22854318
Can you ping that dns server while connected to the LAN?
If yes?
Can you use nslookup against it while connected?
0
 

Author Comment

by:TimothyBoggess
ID: 22855006
I can ping one particular server on the network by IP address, but I cannot ping the dns server while I'm connected to the LAN.  I suspect there is more going on here than I'm aware of and I may need to delve deeper in the network setup.  (This is a network I inherited).
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22855019
Could be a routing issue where the internal router does not have a route to the VPn client pool subnet, or routes it someplace else.
I, too, suspect more than meets the eye here. As long as the client gets the proper dns server via VPN config, and that server can be reached while on the VPN, then all should be happy.
0
 

Author Comment

by:TimothyBoggess
ID: 22855122
I'll take a look at the internal router.  If I do an ipconfig /all while connected to the LAN it gives me a correct IP address from the ip pool on the ASA and it gives me the correct DNS servers that I set.  I'll let you know what I find on the router.
0
 

Author Closing Comment

by:TimothyBoggess
ID: 31512662
Thanks for the help on the dns issue.  I'm awarding the points and accepting the solution even though I still can't ping by name, but I think that's due to either a problem on the internal router or one of my switches.  If I do an ipconfig while connected as a VPN client, I'm getting the proper dns server for the connection which tells me you gave me the correct answer.  If I'm unable to troubleshoot the internal problem I'm having I'll be back with another question.  Thanks for your help!
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month5 days, left to enroll

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question