Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

My Cisco ASA won't allow clients to browse the internal network

Posted on 2008-10-30
12
195 Views
Last Modified: 2012-05-05
Hello, I have a Cisco ASA I'm trying to configure so remote clients can browse our internal network. I can make a connection to the network, but I can't see any machines on the network.  I've attached a copy of my ASA running config.
CiscoASA.txt
0
Comment
Question by:TimothyBoggess
  • 6
  • 4
  • 2
12 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22848945
It's important to be aware of the fact that NETBios won't work over a VPN tunnel, because this is broadcasted traffic. As far as I know there is no "regular" way to browse a remote network.

Is your problem that your users can't browse the network, or can't the ping any devices at your LAN at all?
0
 

Author Comment

by:TimothyBoggess
ID: 22849555
Jay,
   I can ping only by IP address and no we can't browse the network.  However shouldn't DNS resolve the names to the addresses for browsing?  Regardless, if I can get the names resolved instead of simply relying on the IP address I think I would have a working solution.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 22849744
group-policy RemoteVPN attributes
dns-server value 192.168.1.59 <== give your VPN clients a dns server for mydomain.com
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22850049
Ah, I thought the actual browsing through 'network environment' was the problem Hence my question.

lrmoore's answer should provide you with the DNS you require.
0
 

Author Comment

by:TimothyBoggess
ID: 22850959
I put in the dns-server value in the group-policy RemoteVPN attributes and I can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22852704
Try putting it into the DefaultRAGroup policy, too...
0
 

Author Comment

by:TimothyBoggess
ID: 22854143
I tried putting the dns-server value in the DefaultRAGroup too, but can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22854318
Can you ping that dns server while connected to the LAN?
If yes?
Can you use nslookup against it while connected?
0
 

Author Comment

by:TimothyBoggess
ID: 22855006
I can ping one particular server on the network by IP address, but I cannot ping the dns server while I'm connected to the LAN.  I suspect there is more going on here than I'm aware of and I may need to delve deeper in the network setup.  (This is a network I inherited).
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22855019
Could be a routing issue where the internal router does not have a route to the VPn client pool subnet, or routes it someplace else.
I, too, suspect more than meets the eye here. As long as the client gets the proper dns server via VPN config, and that server can be reached while on the VPN, then all should be happy.
0
 

Author Comment

by:TimothyBoggess
ID: 22855122
I'll take a look at the internal router.  If I do an ipconfig /all while connected to the LAN it gives me a correct IP address from the ip pool on the ASA and it gives me the correct DNS servers that I set.  I'll let you know what I find on the router.
0
 

Author Closing Comment

by:TimothyBoggess
ID: 31512662
Thanks for the help on the dns issue.  I'm awarding the points and accepting the solution even though I still can't ping by name, but I think that's due to either a problem on the internal router or one of my switches.  If I do an ipconfig while connected as a VPN client, I'm getting the proper dns server for the connection which tells me you gave me the correct answer.  If I'm unable to troubleshoot the internal problem I'm having I'll be back with another question.  Thanks for your help!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question