?
Solved

My Cisco ASA won't allow clients to browse the internal network

Posted on 2008-10-30
12
Medium Priority
?
205 Views
Last Modified: 2012-05-05
Hello, I have a Cisco ASA I'm trying to configure so remote clients can browse our internal network. I can make a connection to the network, but I can't see any machines on the network.  I've attached a copy of my ASA running config.
CiscoASA.txt
0
Comment
Question by:TimothyBoggess
  • 6
  • 4
  • 2
12 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22848945
It's important to be aware of the fact that NETBios won't work over a VPN tunnel, because this is broadcasted traffic. As far as I know there is no "regular" way to browse a remote network.

Is your problem that your users can't browse the network, or can't the ping any devices at your LAN at all?
0
 

Author Comment

by:TimothyBoggess
ID: 22849555
Jay,
   I can ping only by IP address and no we can't browse the network.  However shouldn't DNS resolve the names to the addresses for browsing?  Regardless, if I can get the names resolved instead of simply relying on the IP address I think I would have a working solution.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 22849744
group-policy RemoteVPN attributes
dns-server value 192.168.1.59 <== give your VPN clients a dns server for mydomain.com
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22850049
Ah, I thought the actual browsing through 'network environment' was the problem Hence my question.

lrmoore's answer should provide you with the DNS you require.
0
 

Author Comment

by:TimothyBoggess
ID: 22850959
I put in the dns-server value in the group-policy RemoteVPN attributes and I can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22852704
Try putting it into the DefaultRAGroup policy, too...
0
 

Author Comment

by:TimothyBoggess
ID: 22854143
I tried putting the dns-server value in the DefaultRAGroup too, but can still only ping by IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22854318
Can you ping that dns server while connected to the LAN?
If yes?
Can you use nslookup against it while connected?
0
 

Author Comment

by:TimothyBoggess
ID: 22855006
I can ping one particular server on the network by IP address, but I cannot ping the dns server while I'm connected to the LAN.  I suspect there is more going on here than I'm aware of and I may need to delve deeper in the network setup.  (This is a network I inherited).
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22855019
Could be a routing issue where the internal router does not have a route to the VPn client pool subnet, or routes it someplace else.
I, too, suspect more than meets the eye here. As long as the client gets the proper dns server via VPN config, and that server can be reached while on the VPN, then all should be happy.
0
 

Author Comment

by:TimothyBoggess
ID: 22855122
I'll take a look at the internal router.  If I do an ipconfig /all while connected to the LAN it gives me a correct IP address from the ip pool on the ASA and it gives me the correct DNS servers that I set.  I'll let you know what I find on the router.
0
 

Author Closing Comment

by:TimothyBoggess
ID: 31512662
Thanks for the help on the dns issue.  I'm awarding the points and accepting the solution even though I still can't ping by name, but I think that's due to either a problem on the internal router or one of my switches.  If I do an ipconfig while connected as a VPN client, I'm getting the proper dns server for the connection which tells me you gave me the correct answer.  If I'm unable to troubleshoot the internal problem I'm having I'll be back with another question.  Thanks for your help!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question