Community Member

NetBIOS over IPSEC, driving me buggy!

So I have an ASA in a little abnormal setup.

The site has a managed router far downstream and my only option for VPN is to have a static translated to my ASA.

My ASA has only one interface plugged in, inside. Things seem to work great, I can ping things, connect to them via RDP, etc. However, I for the life of me cannot map a Windows drive.

So the inside address is 10.0.246.10, the pool is in the same range (10.0.246.40-49), and the server I'm trying to map is at 10.0.246.1.

Attached is my config, if anyone has some time it would be appreciated.

10 REPLIES

Re: NetBIOS over IPSEC, driving me buggy!

NetBIOS is unroutable via IP. You need to enable NetBIOS over TCP on the Windows machines, and if you have a WINS server that would also help.

HTH>

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

Appreciate the response!

Couple of things I should have noted... NetBIOS over TCP is enabled, however there is no AD Domain, internal DNS or internal WINS. I can definitely hit the server in question on tcp.445 via nmap and telnet, but the NetBIOS request does not make it back. I can see in the ASA logs that the connection is built and torn down, however the mapping of drives will fail every time.

Re: NetBIOS over IPSEC, driving me buggy!

Well, there is your issue - how do you expect it to resolve anything if there is no AD/DNS - you have to have name-to-IP resolution.

Add the server name in the local host file on the machine - this will work.

Or just map the drive using the IP address instead of the name.

HTH>

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

And yet more info that I've left out, I am attempting to map via IP address. Mapping of the drive, via IP, works okay on the LAN.

The ASA logs don't show anything abnormal. The packet trace tool, however, shows 'ip spoof detected'. This is shown for protocols that work, for example RDP.3389, as well.

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

I should also let you know, I've also tried changing the pool addresses to a different range, 192.168.100 for example, and running a nat0 config to those. Again regular tcp services work but no NetBIOS.

I've also attempted to run the different pool range through a global, and still the same result.

I've got a feeling it's got something to do with the single interface configuration but I can't seem to pinpoint it, and it's driving me nuts :-)

Re: NetBIOS over IPSEC, driving me buggy!

Can you access the share on the server from a machine local to the server, i.e. not over the WAN/VPN?

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

Yes, on the LAN things work well...

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

If it works OK with IP, then try editing the local host file of the machine which you are trying to access. You can also make an entry for the same on the source machine too. That would definitely work.

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

We're going to put in a test AD server tomorrow, running DNS and WINS. See if that works...

Thanks for the time.

Community Member

Re: NetBIOS over IPSEC, driving me buggy!

Just FYI, looks like this is identified under CSCsu26649.

Disabled compression (ip-comp disable) and things seem to work.
