04-11-2009 12:59 AM
hi all,
I configured a site-to-site VPN between an ASA 5510 and an ASA 5505. It works fine; I am able to ping the host from both sides.
But I have the following problem:
1. I can access the shared folder on the peer host using its IP address, but I am not able to access it with the computer name, for example \\akl13.
I think it may be a problem with the NetBIOS/WINS service through the VPN.
My question is: how can I enable NetBIOS over VPN (site-to-site)?
I am attaching the configuration.
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.2.6 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list inside_pnat_outbound extended permit ip 172.16.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
static (inside,outside) 192.168.3.0 access-list inside_pnat_outbound
route outside 0.0.0.0 0.0.0.0 192.168.2.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username dileep password STkzljfDxlzWJX9D encrypted privilege 15
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 192.168.2.7
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 set security-association lifetime seconds 28800
crypto map outside_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group 192.168.2.7 type ipsec-l2l
tunnel-group 192.168.2.7 ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Expecting your valuable reply
04-13-2009 07:10 AM
Hi, first of all you need to be aware that some NetBIOS broadcast traffic will not pass through a VPN, so you would need to switch to NetBIOS over TCP. Once you have done this, make sure both endpoints share the same WINS server.
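Added example (not part of the original post, and not Cisco code): a small Python model of the two access lists from the posted configuration, showing that a NetBIOS name query sent as a broadcast never matches the tunnel's interesting-traffic ACL, while a unicast packet to the peer subnet does. The host addresses 172.16.1.10 and 192.168.4.20 are constructed, and the NAT step is a simplified model of the `static` policy NAT line.

```python
import ipaddress

# ACL lines copied from the configuration posted in the question.
CONFIG_ACLS = """\
access-list inside_pnat_outbound extended permit ip 172.16.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
"""
NAT_GLOBAL = ipaddress.ip_address("192.168.3.0")  # from the 'static (inside,outside)' line

def parse_acls(text):
    """Return {name: [(src_net, dst_net), ...]} for 'extended permit ip' entries."""
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 9 and f[0] == "access-list" and f[2:5] == ["extended", "permit", "ip"]:
            src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
            dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
            acls.setdefault(f[1], []).append((src, dst))
    return acls

def first_match(entries, src, dst):
    """Return the first (src_net, dst_net) entry that matches the packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return next(((sn, dn) for sn, dn in entries if s in sn and d in dn), None)

def enters_tunnel(acls, src, dst):
    """Simplified model: policy NAT first, then the crypto map ACL check."""
    hit = first_match(acls["inside_pnat_outbound"], src, dst)
    if hit is None:
        return False  # no translation, so the source never becomes 192.168.3.x
    offset = int(ipaddress.ip_address(src)) - int(hit[0].network_address)
    translated = str(NAT_GLOBAL + offset)
    return first_match(acls["outside_cryptomap_20"], translated, dst) is not None

# Constructed sample packets (host addresses are illustrative, not from the thread).
SAMPLES = {
    "NBNS subnet broadcast": ("172.16.1.10", "172.16.1.255"),
    "NBNS limited broadcast": ("172.16.1.10", "255.255.255.255"),
    "unicast to peer host": ("172.16.1.10", "192.168.4.20"),
}

if __name__ == "__main__":
    acls = parse_acls(CONFIG_ACLS)
    for label, (src, dst) in SAMPLES.items():
        verdict = "tunnel" if enters_tunnel(acls, src, dst) else "stays local"
        print(f"{label:24} {src} -> {dst}: {verdict}")
```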
04-14-2009 03:55 AM
Dear imartino,
Thanks for the information, but the issue is that the hosts on both sides of the tunnel are in different workgroups. There is no WINS server.
One more thing I need to know is how I can enable NetBIOS over TCP through the CLI.
Expecting your reply
dileep
04-14-2009 05:45 AM
In order to reach a workstation through WINS name resolution, there has to be a WINS server shared on both networks, workgroups if you will. NetBIOS over TCP is a feature that is enabled in the actual network settings on the PC and not on the firewall.
04-14-2009 09:38 AM
Thanks a lot for this valuable information.