Solved

Can't access DFS via Cisco VPN software

Posted on 2013-02-04
4
1,559 Views
Last Modified: 2016-01-06
Hello IT pros.

I have the following situation.
We have a Cisco ASA 5515-X in our building, we have two different domains inside as well, 1st domain is called school1.lan and the 2nd is network2.lan, for schoold1.lan we have 10.1.10/23 and for network2.lan we have 172.16.1.0/24, when I connect from home using Cisco VPN software I connect to 172.16.1.0/24 I can access all the shares, except the DFS share.. I get the right IP address, but one thing that has caught my attention is that the primary dns suffix I get is school1.lan

Any ideas.
0
Comment
Question by:Katrach0
  • 3
4 Comments
 
LVL 10

Expert Comment

by:mat1458
ID: 38853859
Did you try to connect to the DFS by using the IP address instead of the name? If this works we can continue to sort out DNS problems, otherwise IP routing or firewall rules might be the focus.
0
 

Author Comment

by:Katrach0
ID: 38854706
Right, since I cannot connect using \\mydomain\mydfs when connected via vpn I tried the IP address of one of the servers \\w.x.y.z\mydfs I still can't open it.
0
 

Accepted Solution

by:
Katrach0 earned 0 total points
ID: 39204265
Ended up calling Cisco, they told me this.

Here is a summary of our call today:
 
1.      You informed that you were pushing a domain name and a couple of split-dns entries to the vpn clients.

2.      The vpn clients were able to resolve the hosts in one domain but weren’t able to resolve the hosts in the second domain.

3.      We corrected the IP address of the secondary dns server and we were now able to resolve the hosts in the second domain as well
4.      However, we were still not able to access the DFS file shares in the second domain.
5.      When we try to access the DFS file share in the second domain, it resolves but an authentication prompt comes up.
6.      This doesnt happen if we are trying to connect to the file shares from a host that is a part of the same domain.
7.      It appears to be a permission issue on the DFS file shares where it asks for authentication whenever we try to access it from a machine that is not a part of the same domain.
8.      However, the fact that we are able to reach that server using hostname confirms that the dns server is resolving hostnames successfully now.

I also want to point out that Cisco firewalls can do split dns, but this didn't fix the issue, what fixed the issue was to put the domain name where the DFS share was located and put the DNS IP's for that domain, only then I was able to browse through the DFS shares, We are using a ASA515X. Cisco guys are good at newtworking, but when it comes to Microsoft thechnologies, they're lost, it was not share permissions the problem, so.. Hope this helps anyone out there.
0
 

Author Closing Comment

by:Katrach0
ID: 39215606
I got my problem solved.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN protocal 18 75
Excel To Access Database Transfer 14 62
Sudden loss of remote desktop connectivity via VPN 11 61
Moving SharePoint 3.0 role to differen server 7 42
The new Microsoft OS looks great, is easier than ever to upgrade to, it is even free.  So what's the catch?  If you don't change the privacy settings, Microsoft will, in accordance with the (EULA) you clicked okay to without reading, collect all the…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now