Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

My Cisco ASA won't allow clients to browse the internal network

Posted on 2008-10-30
12
Medium Priority
?
203 Views
Last Modified: 2012-05-05
Hello, I have a Cisco ASA I'm trying to configure so remote clients can browse our internal network. I can make a connection to the network, but I can't see any machines on the network.  I've attached a copy of my ASA running config.
CiscoASA.txt
0
Comment
Question by:TimothyBoggess
  • 6
  • 4
  • 2
12 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22848945
It's important to be aware of the fact that NETBios won't work over a VPN tunnel, because this is broadcasted traffic. As far as I know there is no "regular" way to browse a remote network.

Is your problem that your users can't browse the network, or can't the ping any devices at your LAN at all?
0
 

Author Comment

by:TimothyBoggess
ID: 22849555
Jay,
   I can ping only by IP address and no we can't browse the network.  However shouldn't DNS resolve the names to the addresses for browsing?  Regardless, if I can get the names resolved instead of simply relying on the IP address I think I would have a working solution.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 22849744
group-policy RemoteVPN attributes
dns-server value 192.168.1.59 <== give your VPN clients a dns server for mydomain.com
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22850049
Ah, I thought the actual browsing through 'network environment' was the problem Hence my question.

lrmoore's answer should provide you with the DNS you require.
0
 

Author Comment

by:TimothyBoggess
ID: 22850959
I put in the dns-server value in the group-policy RemoteVPN attributes and I can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22852704
Try putting it into the DefaultRAGroup policy, too...
0
 

Author Comment

by:TimothyBoggess
ID: 22854143
I tried putting the dns-server value in the DefaultRAGroup too, but can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22854318
Can you ping that dns server while connected to the LAN?
If yes?
Can you use nslookup against it while connected?
0
 

Author Comment

by:TimothyBoggess
ID: 22855006
I can ping one particular server on the network by IP address, but I cannot ping the dns server while I'm connected to the LAN.  I suspect there is more going on here than I'm aware of and I may need to delve deeper in the network setup.  (This is a network I inherited).
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22855019
Could be a routing issue where the internal router does not have a route to the VPn client pool subnet, or routes it someplace else.
I, too, suspect more than meets the eye here. As long as the client gets the proper dns server via VPN config, and that server can be reached while on the VPN, then all should be happy.
0
 

Author Comment

by:TimothyBoggess
ID: 22855122
I'll take a look at the internal router.  If I do an ipconfig /all while connected to the LAN it gives me a correct IP address from the ip pool on the ASA and it gives me the correct DNS servers that I set.  I'll let you know what I find on the router.
0
 

Author Closing Comment

by:TimothyBoggess
ID: 31512662
Thanks for the help on the dns issue.  I'm awarding the points and accepting the solution even though I still can't ping by name, but I think that's due to either a problem on the internal router or one of my switches.  If I do an ipconfig while connected as a VPN client, I'm getting the proper dns server for the connection which tells me you gave me the correct answer.  If I'm unable to troubleshoot the internal problem I'm having I'll be back with another question.  Thanks for your help!
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question