Allowing Netbios 137/138 through ASA

jonesm111
Level 1

Hello,

I've recently had to move an AS400 system behind an internal ASA firewall and now users are unable to browse to it.

The ASA is running Version 8.2(5)

I get these messages:

Sep 11 2012 17:09:59: %ASA-7-710005: UDP request discarded from 172.19.241.35/137 to outside:172.19.241.255/137

Is there a way to enable these ports without enabling NAT?

No VPNs involved, just inside and outside Ethernet interfaces.

--Mike

12 Replies

Julio Carvajal
VIP Alumni

Hello Mike,

Can you share your configuration please,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

gurpsin2
Level 1

Hey Mike,

NetBIOS is supported by performing NAT of the packets for NBNS UDP port 137 and NBDS UDP port 138.

Link-

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/inspect_overview.html

Have you enabled "inspect netbios" on ASA?

Regards

Gurpreet

jonesm111
Level 1

Hi Julio,

Config pasted below.

@Gurpreet - I see that:

NetBIOS is supported by performing NAT of the packets for NBNS UDP port 137 and NBDS UDP port 138.

I do not know how to NAT these ports though; is it through the fixup protocol?

ASA Version 8.2(5)
!
hostname fw-us-leb-001
domain-name na.lan
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 172.19.241.250 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 172.19.242.1 255.255.255.224
!
interface Ethernet0/2
 no nameif
 no security-level
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
!
interface Management0/0
 speed 100
 duplex full
 nameif management
 security-level 100
 ip address 172.30.240.51 255.255.255.248
 management-only
!
ftp mode passive
dns server-group DefaultDNS
 domain-name na.lan
access-list OUTSIDE-inbound extended permit ip any host 172.19.242.2
access-list OUTSIDE-inbound extended permit ip any any
access-list OUTSIDE-inbound extended permit icmp any host 172.19.242.5 echo
access-list OUTSIDE-outbound extended permit ip any any
access-list OUTSIDE-outbound extended permit tcp any any eq 3389
access-list OUTSIDE-outbound extended permit tcp any any eq www
access-list OUTSIDE-outbound extended permit tcp any any eq https
access-list OUTSIDE-outbound extended permit tcp any any eq ftp-data
access-list OUTSIDE-outbound extended permit udp host 172.19.242.5 any eq 50
access-list OUTSIDE-outbound extended permit udp any any eq ntp
access-list OUTSIDE-outbound extended permit udp any any eq tftp
access-list OUTSIDE-outbound extended permit tcp any any eq ftp
access-list OUTSIDE-outbound extended permit tcp any any eq domain
access-list OUTSIDE-outbound extended permit tcp any any eq ssh
access-list OUTSIDE-outbound extended permit tcp any any eq smtp
access-list OUTSIDE-outbound extended permit ip any host 172.19.156.137
access-list OUTSIDE-outbound extended permit ip any host 172.19.156.138
access-list OUTSIDE-outbound extended permit ip any host 172.19.157.4
access-list OUTSIDE-outbound extended permit ip any host 172.19.157.5
access-list OUTSIDE-outbound extended permit ip any host 172.19.157.12
access-list OUTSIDE-outbound extended permit ip any host 172.19.157.128
access-list OUTSIDE-outbound extended permit ip any host 172.19.157.194
access-list OUTSIDE-outbound extended permit udp any host 172.19.157.9 eq 12345
access-list OUTSIDE-outbound extended permit tcp any host 172.19.157.9 eq 12345
access-list OUTSIDE-outbound extended permit icmp any any time-exceeded
access-list OUTSIDE-outbound extended permit icmp any any unreachable
access-list OUTSIDE-outbound extended permit icmp any any source-quench
access-list OUTSIDE-outbound extended permit icmp any any echo-reply
access-list OUTSIDE-outbound extended deny ip any any
access-list testcap extended permit tcp any any
access-list testcap extended permit udp any any
access-list testcapinside extended permit tcp any any
access-list testcapinside extended permit udp any any
access-list testcapinside extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging monitor informational
logging buffered debugging
logging trap informational
logging history errors
logging facility 22
logging host management 172.30.240.253
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit any echo-reply management
icmp permit any management
no asdm history enable
arp timeout 14400
access-group OUTSIDE-inbound in interface outside
access-group OUTSIDE-outbound out interface outside
route outside 0.0.0.0 0.0.0.0 172.19.241.254 1
route management 172.30.0.0 255.255.0.0 172.30.240.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (management) host 172.30.36.200
 timeout 15
 key *****
aaa-server TACACS+ (management) host 172.30.36.10
 timeout 15
 key *****
aaa-server RADIUS protocol radius
aaa authentication enable console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authorization command LOCAL
snmp-server host management 172.30.240.158 community *****
snmp-server host management 172.30.36.12 community *****
snmp-server host management 172.30.36.195 community *****
snmp-server host management 172.30.36.201 community *****
snmp-server host management 172.30.36.9 poll community *****
snmp-server host management 172.30.38.5 community *****
snmp-server host management 172.30.38.6 community *****
snmp-server host management 172.30.38.7 community *****
snmp-server location Infineon Technologies NA Corp., Milpitas CA 95035 640 N McCarthy Blvd
snmp-server contact Infineon NOC-KLU, Phone +43-51777-4444, email NOC-KLU@infineon.com
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 172.30.0.0 255.255.0.0 management
ssh timeout 30
console timeout 0
management-access management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.30.240.253 key 3725 source management
ntp server 172.30.36.125 source management
tftp-server management 172.30.240.158 /
ssl encryption des-sha1 rc4-md5
username nocna password k63UhvskWqNEcomX encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:18b6d78f5aa4d43bc28ff101ecdc5c1c
: end
[OK]
fw-us-leb-001(config)#

Hello Jones,

You already have the NetBIOS protocol inspection; what you are missing is the NAT.

Sep 11 2012 17:09:59: %ASA-7-710005: UDP request discarded from 172.19.241.35/137 to outside:172.19.241.255/137

In this log both of the users are on the same subnet, and the traffic is actually going to the broadcast address of the outside interface.

My question is, what is the traffic that is supposed to be allowed (I know it is NetBIOS), but will the traffic only be initiated from the inside interface to the outside interface?

Remember to rate all the posts; for us that is more important than a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
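The point Julio makes above is the one to check first in any 710005 triage: a destination such as 172.19.241.255 (the outside subnet's broadcast address, given the outside interface 172.19.241.250/24 in the posted config) or 255.255.255.255 is broadcast traffic, which a firewall does not forward between interfaces, so no NAT or ACL change will make it pass. The following Python is an added example, not code from this thread or from Cisco; it parses constructed %ASA-7-710005 lines modelled on the ones posted here and classifies each discard by NetBIOS service and by destination kind, assuming only the outside interface address from the configuration above.

```python
import ipaddress
import re

# Constructed sample lines modelled on the %ASA-7-710005 messages quoted in the thread.
SAMPLE_LOG = """\
Sep 11 2012 17:09:59: %ASA-7-710005: UDP request discarded from 172.19.241.35/137 to outside:172.19.241.255/137
Sep 11 2012 20:18:51: %ASA-7-710005: UDP request discarded from 172.19.241.246/1230 to outside:255.255.255.255/123
Sep 11 2012 20:19:04: %ASA-7-710005: UDP request discarded from 172.19.241.39/138 to outside:172.19.241.255/138
Sep 11 2012 20:43:10: %ASA-7-710005: UDP request discarded from 172.19.241.40/137 to outside:172.19.241.250/137
"""

# Interface address taken from the posted configuration (outside is 172.19.241.250/24).
INTERFACES = {"outside": ipaddress.ip_interface("172.19.241.250/24")}

# Well-known UDP ports seen in the thread's discards.
SERVICE_NAMES = {137: "NBNS", 138: "NBDS", 123: "NTP"}

LINE_RE = re.compile(
    r"%ASA-\d-710005: (?P<proto>\w+) request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<ifc>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def classify(line):
    """Return (service, destination kind) for one 710005 line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dst = ipaddress.ip_address(m["dst"])
    ifc = INTERFACES.get(m["ifc"])
    dport = int(m["dport"])
    if dst == ipaddress.ip_address("255.255.255.255"):
        kind = "limited-broadcast"      # never forwarded through the firewall
    elif ifc is not None and dst == ifc.network.broadcast_address:
        kind = "directed-broadcast"     # broadcast of the receiving interface's subnet
    elif ifc is not None and dst == ifc.ip:
        kind = "to-interface"           # addressed to the ASA itself, not through it
    else:
        kind = "unicast"                # the only kind NAT/ACL changes can affect
    return SERVICE_NAMES.get(dport, f"udp/{dport}"), kind


def summarize(log_text):
    """Count discarded requests by (service, destination kind)."""
    counts = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            counts[result] = counts.get(result, 0) + 1
    return counts
```

Any bucket other than "unicast" points at broadcast name resolution reaching the firewall, which is a name-resolution design question (WINS, DNS or LMHOSTS on the clients) rather than a firewall rule problem.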

The traffic is initiated from the outside.

If I turn off NetBIOS inspection, will that allow the NetBIOS traffic through the firewall? If so, how do I do that?

If NAT will resolve this, what do I have to NAT? My server IP address? Because that could complicate things much more.

Hi Jones,

NetBIOS inspection is enabled by default. The NetBIOS inspection engine translates IP addresses in the NetBIOS name service (NBNS) packets according to the ASA NAT configuration.

If you do not wish to configure NAT for the server to prevent further issues, you can try to play with the layer 7 inspection map on the ASA for NetBIOS inspection and allow it to just log the packets instead of dropping them (since they will be dropped by default if there is no NAT configured):

policy-map type inspect netbios NBS
 parameters
  protocol-violation action log
!
policy-map global_policy
 class inspection_default
  no inspect netbios
  inspect netbios NBS

Link-

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_basic.html

Let me know if it works

Regards

Gurpreet

That didn't work.

fw-us-leb-001(config-pmap)# parameters
fw-us-leb-001(config-pmap-p)# protocol-violation action log
fw-us-leb-001(config-pmap-p)# exi
fw-us-leb-001(config-pmap)# exi
fw-us-leb-001(config)# policy-map global-policy
fw-us-leb-001(config-pmap)# class inspection_default
fw-us-leb-001(config-pmap-c)# no inspect netbios
ERROR: Inspection not installed or parameters do not match  <--- didn't like this
fw-us-leb-001(config-pmap-c)# inspect netbios NBS
fw-us-leb-001(config-pmap-c)#

Still getting:

Sep 11 2012 20:18:51: %ASA-7-710005: UDP request discarded from 172.19.241.246/1230 to outside:255.255.255.255/123
Sep 11 2012 20:19:04: %ASA-7-710005: UDP request discarded from 172.19.241.39/138 to outside:172.19.241.255/138

Hey Jones,

Without removing "inspect netbios" from the inspection_default class, we cannot add "inspect netbios NBS" under global_policy.

Make sure the following config is used:

class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  no inspect netbios
  inspect netbios NBS

Let me know if you still face any issues.

Regards

Gurpreet


OK, the commands took, but it looks like it's still discarding NetBIOS packets.

Sep 11 2012 20:42:57: %ASA-7-710005: UDP request discarded from 172.19.241.1/137 to outside:172.19.241.255/137
Sep 11 2012 20:42:58: %ASA-7-710005: UDP request discarded from 172.19.241.1/137 to outside:172.19.241.255/137
Sep 11 2012 20:42:59: %ASA-7-710005: UDP request discarded from 172.19.241.246/1230 to outside:255.255.255.255/123
Sep 11 2012 20:43:06: %ASA-7-710005: UDP request discarded from 172.19.241.39/138 to outside:172.19.241.255/138

Hello Jones,

Do you have nat-control enabled?

If yes, you will need a NAT; if not, the only thing you need is an ACL, as traffic is coming from a lower security level interface to a higher one.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I do not think "nat-control" is enabled; how can I check?

Hello Jones,

show run nat-control

Also, if traffic is going from out to in, it needs to be allowed on the outside ACL.

Any other question, let me know. Just remember to rate all of my answers.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC