Asa 5505 Ios 8.4

bmurray · ‎08-13-2012

I configured a new Asa 5505 with Ios 8.44-1-k8.bin and when I installed the Asa the client's after about 1 hour were unable to ping

or map drives to the Asa. I got the following error, %ASA-2-106007: Deny inbound UDP from XXXX to XXXX due to DNS Query. I added the command same-security-traffic permit intra-interface they were then able to ping the server

and connect to the Internet, but still unable to map drives

I could see the connections from the Pc's to the server in a show conn with was tcp port 445 with Saa

I reverted back to Ios 8.25 and everything works.

Here is the configuration

Julio Carvajal · ‎08-13-2012

Hello,

Can you try the following and let me know the result:

no nat (inside,any) source static internal_net internal_net destination static external_net external_net

nat (inside,outside) source static internal_net internal_net destination static external_net external_net

access-list Split_VPN standard permit 172.30.240.0 255.255.255.0

group-policy RemoteVPN attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value Split_VPN

Then disconnect from the VPN client and try to reconnect

Also are you sure the DNS server is 172.30.240.41?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

bmurray · ‎08-14-2012

I cannot try anything right now. The client is up and running on the 8.25 level with no problems.

The dns server is the correct ip.