We have been using our Cisco 3000 VPN Concentator for quite some time and have a approximately 25 - 30 regular users. Most of these individuals connect from home over a highspeed line (cable, DSL, etc.). Thus far, all have been able to log onto the VPN and Domain and then access all network resources (Lotus Notes, AS/400 etc.).
The problem:
A new user is able to connect successfully according to the logs (see below), but when he tries to use any application that requires a NetBIOS name (Lotus Notes, AS/400 etc.) he gets timeouts. He is able to ping all network hosts by IP address, but not by NetBIOS name.
His OS: Windows 2000 SP2
VPN Client Version: 3.5.2(B)
Any ideas as to how this can be resolved?
Thanks in advance,
-Brian
PS. I scrubbed the log data below to reflect generic group and user names. All other data is pulled direclty from the log. The data only reflects this particular user's connection.
-------------
Log Data
-------------
33724 05/05/2003 11:38:13.860 SEV=5 IP/49 RPT=495
Headend transmitting TCP SYN-ACK pkt to client 24.121.45.95, TCP dest port 1162
33725 05/05/2003 11:38:13.940 SEV=5 IP/50 RPT=14761
Headend received TCP ACK pkt from client 24.121.45.95, TCP source port 1162
33726 05/05/2003 11:38:14.100 SEV=5 IP/41 RPT=271
TCP session established to client 24.121.45.95, TCP source port 1162.
33727 05/05/2003 11:38:19.840 SEV=4 IKE/52 RPT=604 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
User (<JoeUser>) authenticated.
33728 05/05/2003 11:38:20.030 SEV=5 IKE/184 RPT=604 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Client OS: N/A
Client Application Version: 3.5.2 (B)
33730 05/05/2003 11:38:21.150 SEV=4 AUTH/22 RPT=606
User <JoeUser> connected
33731 05/05/2003 11:38:21.150 SEV=4 IKE/119 RPT=644 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
PHASE 1 COMPLETED
33732 05/05/2003 11:38:21.150 SEV=5 IKE/25 RPT=2208 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Received remote Proxy Host data in ID Payload:
Address 192.10.12.95, Protocol 0, Port 0
33735 05/05/2003 11:38:21.150 SEV=5 IKE/24 RPT=614 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Received local Proxy Host data in ID Payload:
Address 206.19.244.201, Protocol 0, Port 0
33738 05/05/2003 11:38:21.150 SEV=5 IKE/66 RPT=2208 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
IKE Remote Peer configured for SA: ESP-3DES-MD5
33739 05/05/2003 11:38:21.150 SEV=5 IKE/75 RPT=2208 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds
33741 05/05/2003 11:38:21.290 SEV=4 IKE/49 RPT=2208 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Security negotiation complete for User (<JoeUser>)
Responder, Inbound SPI = 0x053a3798, Outbound SPI = 0xa974f35b
33744 05/05/2003 11:38:21.300 SEV=4 IKE/120 RPT=2208 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
PHASE 2 COMPLETED (msgid=0c5797ce)
33745 05/05/2003 11:38:23.310 SEV=5 IKE/25 RPT=2209 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Received remote Proxy Host data in ID Payload:
Address 192.10.12.95, Protocol 0, Port 0
33748 05/05/2003 11:38:23.310 SEV=5 IKE/34 RPT=1595 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Received local IP Proxy Subnet data in ID Payload:
Address 192.10.0.0, Mask 255.255.0.0, Protocol 0, Port 0
33751 05/05/2003 11:38:23.310 SEV=5 IKE/66 RPT=2209 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
IKE Remote Peer configured for SA: ESP-3DES-MD5
33752 05/05/2003 11:38:23.310 SEV=5 IKE/75 RPT=2209 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds
33754 05/05/2003 11:38:23.430 SEV=4 IKE/49 RPT=2209 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
Security negotiation complete for User (<JoeUser>)
Responder, Inbound SPI = 0x053c6e46, Outbound SPI = 0x997f5b84
33757 05/05/2003 11:38:23.430 SEV=4 IKE/120 RPT=2209 24.121.45.95
Group [<MyCompanyVPN>] User [<JoeUser>]
PHASE 2 COMPLETED (msgid=016735e1)
