NetBios Over VPN

pranavam_dileep
Level 1

Hi all,

I configured a site-to-site VPN between an ASA 5510 and an ASA 5505. It works fine; I am able to ping the host from both sides.

But I have the following problem:

1. I can access the shared folder from the peer host using its IP address, but I am not able to access it with the computer name, for example \\akl13.

I think it may be a problem with the NetBIOS/WINS service through the VPN.

My question is: how can I enable NetBIOS over VPN (site-to-site)?

I am attaching the configuration.

ASA Version 7.0(8)

!

hostname ciscoasa

domain-name default.domain.invalid

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

dns-guard

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 192.168.2.6 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 172.16.1.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

ftp mode passive

access-list inside_pnat_outbound extended permit ip 172.16.1.0 255.255.255.0 192.168.4.0 255.255.255.0

access-list outside_cryptomap_20 extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0

pager lines 24

logging asdm informational

mtu management 1500

mtu outside 1500

mtu inside 1500

no failover

asdm image disk0:/asdm-508.bin

no asdm history enable

arp timeout 14400

static (inside,outside) 192.168.3.0 access-list inside_pnat_outbound

route outside 0.0.0.0 0.0.0.0 192.168.2.6 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

username dileep password STkzljfDxlzWJX9D encrypted privilege 15

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map outside_map 20 match address outside_cryptomap_20

crypto map outside_map 20 set peer 192.168.2.7

crypto map outside_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map 20 set security-association lifetime seconds 28800

crypto map outside_map 20 set security-association lifetime kilobytes 4608000

crypto map outside_map interface outside

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

tunnel-group 192.168.2.7 type ipsec-l2l

tunnel-group 192.168.2.7 ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

Expecting your valuable reply

Accepted Solutions

In order to reach a workstation through WINS name resolution, there has to be a WINS server shared by both networks (workgroups, if you will). NetBIOS over TCP is a feature that is enabled in the actual network settings on the PC and not on the firewall.

Ivan Martinon
Level 7

Hi, first of all you need to be aware that some NetBIOS broadcast traffic will not pass through a VPN, so you would need to switch to NetBIOS over TCP. Once you have done this, make sure both endpoints share the same WINS server.
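
Why the broadcast lookup for \\akl13 stays on the local side, as an added example that is not part of the original thread: it builds the NetBIOS name query a host sends on UDP 137 and tests the destination against the policy static and crypto ACL from the posted configuration. The host addresses 172.16.1.10 and 192.168.4.20 are constructed for illustration.

```python
import ipaddress
import struct

# Networks taken from the configuration posted in the thread.
INSIDE_NET = ipaddress.ip_network("172.16.1.0/24")   # real inside addresses
NAT_NET = ipaddress.ip_network("192.168.3.0/24")     # policy static mapping
REMOTE_NET = ipaddress.ip_network("192.168.4.0/24")  # far side of the tunnel


def encode_netbios_name(name, suffix=0x20):
    """RFC 1001 first-level encoding: pad to 15 chars, add suffix, split nibbles."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))


def build_name_query(name, txid=0x1234, broadcast=True):
    """NetBIOS name query: 12-byte header plus one NB/IN question."""
    flags = 0x0100 | (0x0010 if broadcast else 0)  # RD, plus B bit when broadcast
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_netbios_name(name) + b"\x00"
    return header + question + struct.pack(">HH", 0x0020, 0x0001)


def enters_tunnel(src, dst):
    """Apply the policy static, then test crypto ACL outside_cryptomap_20."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in INSIDE_NET and dst in REMOTE_NET:
        # inside_pnat_outbound: translate only when heading to the remote net
        src = NAT_NET.network_address + (int(src) - int(INSIDE_NET.network_address))
    return src in NAT_NET and dst in REMOTE_NET


if __name__ == "__main__":
    host = "172.16.1.10"  # constructed inside host
    query = build_name_query("akl13")
    print(len(query), "byte query for", encode_netbios_name("akl13").decode())
    for dst in ("172.16.1.255", "255.255.255.255", "192.168.4.20"):
        verdict = "encrypted" if enters_tunnel(host, dst) else "not tunnelled"
        print(f"{host} -> {dst}:137  {verdict}")
```

Only the unicast destination matches the tunnel's interesting traffic, which is why name resolution across the VPN needs a unicast path such as a shared WINS server rather than broadcast.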

Dear imartino,

Thanks for the information, but the issue is that the hosts on both sides of the tunnel are in different workgroups. There is no WINS server.

One more thing I need to know is how I can enable NetBIOS over TCP through the CLI.

Expecting your reply

dileep

Thanks a lot for this valuable information.
