
Network Browsing problem by VPN Client

sgozio
Level 1

Hi all,

This is my PIX configuration. The VPN client works fine, but when I try network browsing through the VPN Client it is dropped by the firewall; in fact, I get deny messages from the PIX for UDP 138, UDP 137, 1056 and 1058.

What is the problem?

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list outside_access_in permit icmp any any echo-reply

access-list nonat permit ip any 10.0.1.0 255.255.255.0

pager lines 24

logging on

logging buffered notifications

logging trap notifications

logging host inside 192.168.1.120

mtu outside 1500

mtu inside 1500

ip address outside 200.200.XXX.XXX 255.255.255.248

ip address inside 192.168.1.254 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool Net 10.0.1.1-10.0.1.30

pdm location 192.168.1.0 255.255.255.0 inside

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 200.200.XXX.XXX 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.1 255.255.255.255 inside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set TRSET esp-3des esp-sha-hmac

crypto dynamic-map dynmap 10 set transform-set TRSET

crypto map VPN 10 ipsec-isakmp dynamic dynmap

crypto map VPN interface outside

isakmp enable outside

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup Net address-pool Net

vpngroup Net dns-server 192.168.1.1

vpngroup Net wins-server 192.168.1.1

vpngroup Net default-domain asasasas.com

vpngroup Net idle-time 1800

vpngroup Net password ********

telnet 192.168.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Thanks all.

4 Replies

gfullage
Cisco Employee

NW browsing issues are rarely to do with the head-end termination device, so I'm confused you're actually seeing deny messages on the PIX (they may be unrelated and coming from internal devices though).

Please go through the following URL and make sure your clients are set up correctly:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_tech_note09186a0080194b4a.shtml#nt

I get the deny messages only when the VPN client tries to search for an inside computer by name (NET VIEW COMPUTER1).

Regards.

Hi -

What about by IP? Does it work when it tries to search for the computer by IP address only?

Thanks -

Hi

This is the situation:

1)

The VPN Client sends this command: NET VIEW COMPUTER1

The PIX log contains: Deny UDP 138 - Deny UDP 137 - Deny UDP 1056 - Deny UDP 1058

The VPN Client gets an error when browsing the network.

2)

The VPN Client sends this command: NET VIEW 192.168.1.20 (COMPUTER1 IP address)

The VPN Client is able to browse the shared resources.

Regards.
