IP SCAN Through ASA VPN

Hello, I have a group of techs that need to scan subnets and get dns addresses from ranges at remote sites. They asa vpn group can obtain machine names in the colo; however, the remote sites use a different dns server. I have added 53 and 161 access to all of these networks; however, with the vpn filter the guys cannot get machine names. They can without the filter. Any idea what could be going on? I called cisco tac, but the person wasn't getting anywhere.
dcawoodAsked:
Who is Participating?
 
giltjrConnect With a Mentor Commented:
In your DNS server you may need to setup a forwarder zone for the colo's IP subnet pointing to the dns server that holds their PTR records.

Right now without the filter you may be doing netbios name lookup as Boilermaker85 has suggested.
0
 
btassureCommented:
Can you show us a network diagram including the servers please?

Also any bits of the config you have such as the VPN groups and access lists (sanitised) please.
0
 
Boilermaker85Commented:
The machine(s) from which these scans originate will try to resolve names via its own dns configuration. If the remote devices are not registering with this Dns, those lookups will fail. But most scanners will then try netbios name lookup, udp 137. If you allow that, you should be able to get their windows names.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
dcawoodAuthor Commented:
The VPN connection has the same DNS Server as I do on the inside. I have allowed udp/137 udp/161 and udp 53 to the networks being scanned and the dns server.

When I do a scan from the inside, and get the machine names, I see on the logg monitor that it is resolving via 137 to the machine ip. Weird thing is, 137 is allowed and I dont see anything blocked in the logs.
0
 
dcawoodAuthor Commented:
The traffic is being built through the vpn asa and the core asa to the vdmz where the machines are?
0
 
Boilermaker85Commented:
Hard to tell from your last comment, since we dont have a picture of the network and which ASA config we need to look at.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.