05-13-2009 09:28 AM - edited 03-10-2019 04:37 AM
Yesterday there was an IPS alert: Invalid Netbios Name id=3357, while a Cisco VPN client was connected to the network. The employee ran a virus check; nothing was found. Today the employee cannot connect to the ASA firewall to set up a VPN connection: the VPN client's authentication box does not show up. The Cisco VPN client's 'connection' entry was deleted and reconfigured, but the client still cannot access the ASA. Meanwhile, other clients are able to VPN in. The client was able to access the network yesterday from a hotel. Could the inability to VPN in be due to the aftereffect(s) of Invalid Netbios Name? Any assistance in troubleshooting would be appreciated.
05-13-2009 12:00 PM
Are you running a NAC solution?
05-13-2009 12:02 PM
No, we do not use NAC.
05-13-2009 12:01 PM
Also check on the IPS sensor if that user's IP address is in the blocked host list; that would stop them from communicating with the ASA.
05-13-2009 12:30 PM
I am on Cisco IDM 6.2. Do you know how to find out if the IP is blocked?
Thanks.
05-13-2009 12:38 PM
Go to Monitoring and it will be under one of the following:
denied attackers
host blocks
network blocks
You might have to hit refresh on each one sometimes to see the data.
05-13-2009 01:05 PM
The IP was not blocked in "denied attackers, host blocks, nor network blocks".
05-13-2009 01:08 PM
OK, on the ASA do a "show shun" and see if their IP address shows up in that list.
If not, then you should set up a packet capture on the outside interface and have the user ping the ASA IP and try to connect via VPN, and see if you see their packets in the capture.
05-13-2009 01:19 PM
Thanks.