cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1096
Views
0
Helpful
8
Replies

Invalid Netbios Name id=3357

saidfrh
Level 1
Level 1

Yesterday there was IPS alert: Invalid Netbios Name id=3357, while a Cisco VPN client was connected to the network. The employee ran a virus check-nothing found. Today the employee can not connect to the ASA firewall to set up a VPN connection--the VPN client's authentication box does not show up. The Ciso VPN client's 'connection' entry was deleted and reconfigured, still can not access the ASA. Meanwhile, other clients are able to VPN in. The client was able to access the network yesterday from a hotel. Could the cause of inability to VPN in be due to the after effect(s) of Invalid Netbios Name? Any assistance in trouble shooting would be appreciated.

8 Replies 8

michael.d.brown
Level 1
Level 1

are you running a NAC solution?

No, we do not use NAC.

michael.d.brown
Level 1
Level 1

also check on the IPS sensor if that user's IP address is in the blocked host list, that would stop them from communicating to the ASA.

I am on Cisco IDM 6.2. Do you know how to find out if the IP is blocked?

Thanks.

go to monitoring and it will be under one of the following:

denied attackers

host blocks

network blocks

you might have to hit refresh on each one sometimes to see the data.

The IP was not blocked in "denied attackers, host blocks, nor network blocks".

ok, on the ASA do a "show shun" and see if their IP address shows up in that list.

If not, then you should setup a packet capture on the outside interface and have the user ping the ASA IP, try to connect via VPN and see if you see their packets in the capture.

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: