02-20-2008 06:23 AM - edited 03-09-2019 08:09 PM
I have set up a remote access VPN on a 5510 ASA for a customer, and although they can connect, collect mail and see their mapped drives, they do not get DNS resolution from the internal servers and are not able to use RDP to access the internal servers. The ASA is running version 7.2. I have tried recreating this in a lab environment and get the same problem. I am new to the ASA and not sure if there may be something in the policy that blocks these services. I have tried upgrading the lab equipment to 8.03 but still have the same problem. If anyone has any advice it would be much appreciated, as it looks like I have a few of these to install in the near future.
02-20-2008 07:14 AM
Hi Martin
Please attach your running config.
Regards
02-22-2008 03:15 AM
02-22-2008 02:02 PM
Martin,
Is 10.190.50.1 a domain controller with DNS service installed?
What happens when you run nslookup on the command line of a client which is connected via VPN and then type hostname.domainname.suffix? Do you get a response? Does nslookup point to 10.190.50.1 as the default server?
02-24-2008 01:42 PM
Hi guys,
I experienced the same problem with DNS, but I have resolved it now.
Actually I have a problem with RDP: when connected via VPN I can't run RDP to my local servers. I used the IP address instead but that didn't work either.
I have attached my running configuration on the ASA 5505.
Please debug my config and send your help.
Thanks.
02-25-2008 12:04 AM
Hi Adil
Make the following change
access-list inside_nat0_outbound permit ip 192.168.2.0 255.255.255.0 192.168.2.224 255.255.255.224
no nat (inside) 0 192.168.2.2
nat (inside) 0 access-list inside_nat0_outbound
Regards
Please do not forget to rate the post if helpful
02-25-2008 07:36 AM
Adil,
Why did you grade 2?
02-25-2008 09:38 AM
Hi Husyine
I have tried the changes you gave me but nothing changed. By the way, why did you put 192.168.2.224? This IP address is a part of the VPN pool.
For your information, when I do nslookup the host is resolved! When I ping the IP address of the host there is no response. Only the DNS and the inside interface can be pinged.
Do you have any other suggestions?
Thanks & regards.
02-28-2008 02:07 AM
Adil
Please rate posts if helpful. If it is not, go on collaborating until you resolve the issue.
Please post your current running config
Regards
02-25-2008 12:30 AM
02-25-2008 01:37 AM
Martin,
Is 10.190.50.1 a domain controller with DNS service installed?
Can you connect to 10.190.50.1 via RDP ?
Can a local client located on the inside interface, with a preferred DNS server of 10.190.50.1, resolve the IP addresses in the nslookup output you attached to names?
02-25-2008 01:46 AM
Hi there. Yes 10.190.50.1 is a domain controller and runs the dns service. Clients inside the network can ping the server by name. I can connect to 10.190.50.1 by rdp.
02-28-2008 02:05 AM
Martin,
Please download portqry.exe on the VPN client,
http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/portqryui.exe
extract it, then run portqryui. In the IP address section, type 10.190.50.1, choose "Manually input query ports", choose UDP, and port 53. If the query result returns correctly, then try issuing the following commands
policy-map global_policy
class inspection_default
no inspect dns preset_dns_map
If you can't get a response, then add the following
sysopt connection permit-ipsec
If still no response, let me know.
Regards