After years of using our ASA only for users' RDP cluster access (and my techie stuff such as SSH), I need to teach our ASA to deliver network shares, meaning providing access to these.
I'm on ASA 8.3 and the Anyconnect is 2.4.(2).
The Client is Win7 pro.
I use Anyconnect Web Deployment and have SBL fully working.
I use Radius to authenticate users against the underlying AD.
I can successfully ping into any segment behind the ASA from any client.
I'm on a W2K8 domain.
These things work with no issues.
However, the AD login script (drawn from sysvol) for any user won't execute. The drives will prompt me for credentials and are marked with a red cross. I can map drives using either FQDN or UNC addresses manually (DNS is OK), but I'd like to have my AD doing its job. The underlying Wifi is being trusted (workplace network). MS firewall disabled, no other security tools in place save for Sophos enterprise domain antivirus.
I have set the domain policy for the clients to wait for the local n/w socket to be fully there (AlwaysWaitForNetworkOnLogon), but even after successful SBL (and waiting some more seconds to be really sure), the drives won't come up. In my understanding, SBL will deliver base domain connectivity (-> resulting in a valid Kerberos ticket), but I cannot even hit the sysvol (\\DC\netlogon\*.bat) w/o being prompted for credentials.
I'm having a little issue with the ASA's SSL cert: I need to replace the cert due to a domain name change (still undone), currently resulting in a CNAME mismatch (which I override on login), but I don't think this is too big of an issue unless AnyConnect is a bit paranoid... This wouldn't explain why I have a full VPN socket save for the shares.
I can't point to a specific documented bug, but is there a reason why you are running the very old AnyConnect 2.4 client instead of the more current and most recent version 3.1.05152? (4.0 should be out within a month, by the way.) There have been a large number of enhancements and bug fixes in the 4+ years since 2.4 was released.