?
Solved

Cannot access Microsoft share with Cisco VPN client - SMB not configured?

Posted on 2008-11-16
7
Medium Priority
?
751 Views
Last Modified: 2012-05-05
I get the following console message even after opening up UPD & TCP:

access-list backup_access_in extended permit tcp any host 64.2.113.131
access-list backup_access_in extended permit udp any host 64.2.113.131

4      Nov 16 2008      17:42:15      106023      192.168.10.216      192.168.10.255       Deny udp src backup:192.168.10.216/137 dst inside:192.168.10.255/137 by access-group "backup_access_in" [0x0, 0x0]
ASA-111608-config.txt
0
Comment
Question by:snchelpdesk
  • 4
  • 3
7 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 22972551
"Deny udp src backup:192.168.10.216/137 dst inside:192.168.10.255/137"
it looks like 192.168.10.216 is trying to broadcast.

We need to know who is 192.168.10.216? and what is it trying to access.

Anyway try dropping the following acl:
access-list inside_access_out extended permit tcp host 64.2.113.131 any
access-list inside_access_out extended permit udp host 64.2.113.131 any

that will allow any 192.168.x.x to access 64.2.113.131 and vice versa
0
 

Author Comment

by:snchelpdesk
ID: 22972603
192.168.10.216 is me on the VPN.

no access-list inside_access_out extended permit tcp host 64.2.113.131 any
no access-list inside_access_out extended permit udp host 64.2.113.131 any

no different:
4      Nov 16 2008      18:54:35      106023      192.168.10.216      192.168.10.255       Deny udp src backup:192.168.10.216/137 dst inside:192.168.10.255/137 by access-group "backup_access_in" [0x0, 0x0]
0
 
LVL 6

Expert Comment

by:ricks_v
ID: 22972719
ok let's try this:
access-list backup_access_in extended permit tcp / udp any any

then we can narrow down the issue by making sure it's the acl blocking the traffic
by changin acl to
access-list backup_access_in extended permit tcp / udp 192.168.10.x 255.255.255.0 any

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:snchelpdesk
ID: 22972802
access-list backup_access_in extended permit tcp / udp any any  - works!

access-list backup_access_in extended permit tcp / udp 192.168.10.x 255.255.255.0 any  - good also!

I have removed the any any lines.

We're good, eh!   I have attached current running config for final review.

Thank you,
Dave
ASA-111608a-config.txt
0
 
LVL 6

Expert Comment

by:ricks_v
ID: 22972927
sweeeet :)
feedback please.. another 3700 i will be getting my premium membership :P
0
 
LVL 6

Accepted Solution

by:
ricks_v earned 2000 total points
ID: 22972939
just a suggestion..
to be more secure, you can change the destionation to 192.168.10.x instead of any (whoever required source/dest access)

access-list backup_access_in extended permit tcp / udp 192.168.10.x 255.255.255.0 192.168.10.x bla bla
0
 

Author Closing Comment

by:snchelpdesk
ID: 31517316
Done - everything works and your expertise is very much appreciated!
Thank you,
Dave
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question