Invalid Netbios Name id=3357

Unanswered Question
May 13th, 2009

Yesterday there was IPS alert: Invalid Netbios Name id=3357, while a Cisco VPN client was connected to the network. The employee ran a virus check-nothing found. Today the employee can not connect to the ASA firewall to set up a VPN connection--the VPN client's authentication box does not show up. The Ciso VPN client's 'connection' entry was deleted and reconfigured, still can not access the ASA. Meanwhile, other clients are able to VPN in. The client was able to access the network yesterday from a hotel. Could the cause of inability to VPN in be due to the after effect(s) of Invalid Netbios Name? Any assistance in trouble shooting would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
michael.d.brown... Wed, 05/13/2009 - 12:01

also check on the IPS sensor if that user's IP address is in the blocked host list, that would stop them from communicating to the ASA.

saidfrh Wed, 05/13/2009 - 12:30

I am on Cisco IDM 6.2. Do you know how to find out if the IP is blocked?


michael.d.brown... Wed, 05/13/2009 - 12:38

go to monitoring and it will be under one of the following:

denied attackers

host blocks

network blocks

you might have to hit refresh on each one sometimes to see the data.

saidfrh Wed, 05/13/2009 - 13:05

The IP was not blocked in "denied attackers, host blocks, nor network blocks".

michael.d.brown... Wed, 05/13/2009 - 13:08

ok, on the ASA do a "show shun" and see if their IP address shows up in that list.

If not, then you should setup a packet capture on the outside interface and have the user ping the ASA IP, try to connect via VPN and see if you see their packets in the capture.


This Discussion