10-11-2008 09:54 AM - edited 03-09-2019 09:39 PM
I'm a newbie and have recently purchased an ASA5505. I've manged to get it up and running and am attempting to set up WebVpn. I've followed the configuration instructions and can get to the point where I can see the Domains and Workgroups on my home network. However, when I select a workgroup I get a message "Unable to contact necessary server.
I have my WINS server running on my W2K box and can see in it's log each time the WebVpn tries to access it.
Result of the command: "Show run"
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxx
passwd xxx
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address A.B.C.D 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 A.B.C.0 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!
webvpn
port 444
enable outside
enable inside
svc enable
customization DfltCustomization
application-access hide-details enable
url-list HDQ "HDQ" http://192.168.1.2:42 1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
webvpn
functions url-entry file-access file-entry file-browsing
username user1 password xxx encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy GroupPolicy1
tunnel-group DefaultWEBVPNGroup webvpn-attributes
nbns-server 192.168.1.2 master timeout 2 retry 2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
: end
Please advise.
Thanks!
10-11-2008 11:58 AM
Please note.
url-list HDQ "HDQ" http://192.168.1.2:42 1
This was a test config.
Has been updated to
url-list HDQ "HDQ" cifs://192.168.1.2 1
Still no luck.
Thanks!
10-15-2008 03:39 PM
Thanks everyone.
I figured it out. It appears that the WebVPN screen only shows available domains/workgroups. To access machines I have to search for the specific network path of the machine I am wanting to access.
10-18-2008 07:06 AM
I still think it should be possible to see my whole network by ckicking on the root workgroup on the Browse Networks panel without specifying a specific ip.
Is this correct?
Still getting the message in my subject line when I try.
Thanks in advance.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: