NetBIOS Not Traversing Cisco VPN

netstruxure
Level 1

Using Cisco VPN Client against a PIX firewall. Internal WINS Server is a Linux/Samba domain controller. Everything has worked great for over a year and everything still works great INSIDE the firewall. Suddenly however, VPN users are unable to get accurate NetBIOS name resolution from the WINS server. All internal NetBIOS names resolve to an outside address. (Always the same one too.)

It's as if ports 137 & 138 are blocked or even redirected, but I'm not seeing any rules to that effect. What puzzles me the most is that names are resolving, but to some outside IP address.

________________

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : <Our Domain Name>
Description . . . . . . . . . . . : Cisco Systems VPN Adapter
Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.5.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : <Linux DNS IP>
                                    24.221.30.4
Primary WINS Server . . . . . . . : <Correct Samba DC IP>
Secondary WINS Server . . . . . . : <Correct Samba DC IP>

P:\>

Placing the Samba server in the lmhosts file has not helped in getting accurate resolution of other NetBIOS hosts.

Any help you can provide is much appreciated!

- CLC

9 Replies

netstruxure
Level 1

Note: Here is an example of pinging a NetBIOS host from a PC running Cisco VPN Client:

P:\>ping

Pinging . [64.202.167.129] with 32 bytes of data:

Reply from 64.202.167.129: bytes=32 time=40ms TTL=110
Reply from 64.202.167.129: bytes=32 time=39ms TTL=110
Reply from 64.202.167.129: bytes=32 time=40ms TTL=110
Reply from 64.202.167.129: bytes=32 time=39ms TTL=110

Ping statistics for 64.202.167.129:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 40ms, Average = 39ms

P:\>

____________

Yup. Everything looks great. However, 64.202.167.129 is the wrong address! Furthermore, it's *not* an inside address and is *not* associated with us in any way. This name resolution is not coming from DNS, and it is resolved correctly by PCs inside the net. The incorrect name resolution also stops when we disconnect from the VPN.

The problem does not seem to be with the VPN client, because I can use it against other PIX firewalls without issue. It also began impacting all VPN users on this PIX simultaneously.

Hope this sheds a bit more light on the issue.

Thanks!

- CLC
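To confirm what the WINS server itself is answering for a name (rather than relying on ping, which may also consult lmhosts or DNS), here is an added Python example that is not part of the original thread: it builds a NetBIOS name query per RFC 1002, parses the positive response, and flags any returned address that falls outside the expected internal ranges. The name FILESRV, the RFC 1918 ranges in INTERNAL_NETS, and the sample response are constructed assumptions; the outside address is the one reported in the thread.

```python
import ipaddress
import socket
import struct

# Address ranges we expect a WINS server to hand back; anything else is suspect (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def encode_netbios_name(name, suffix=0x20):
    """RFC 1002 first-level encoding: name padded to 15 chars + suffix byte, each nibble -> 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = bytes(0x41 + nib for b in raw for nib in (b >> 4, b & 0x0F))
    return b"\x20" + enc + b"\x00"          # label length 32, encoded label, root label

def build_nbns_query(name, txid=0x1234):
    """Unicast NB (type 0x20) name query as a client sends it to a WINS server."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: recursion desired
    return header + encode_netbios_name(name) + struct.pack("!HH", 0x0020, 0x0001)

def build_nbns_response(name, addrs, txid=0x1234, ttl=300000):
    """Positive name query response (RFC 1002 4.2.13); used here only to construct sample input."""
    rdata = b"".join(struct.pack("!H", 0x6000) + ipaddress.IPv4Address(a).packed for a in addrs)
    header = struct.pack("!HHHHHH", txid, 0x8580, 0, 1, 0, 0)   # response, authoritative, RA
    rr = encode_netbios_name(name) + struct.pack("!HHIH", 0x0020, 0x0001, ttl, len(rdata)) + rdata
    return header + rr

def parse_nbns_response(data):
    """Return the IPv4 addresses carried in a positive NBNS name query response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response packet")
    if flags & 0x000F:
        raise ValueError("negative response, RCODE=%d" % (flags & 0x000F))
    off = 12 + qd * 38                       # skip any echoed question (34-byte name + type + class)
    addrs = []
    for _ in range(an):
        off += 2 if data[off] & 0xC0 == 0xC0 else 34   # compressed pointer or full encoded name
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 0x0020:                  # NB record: sequence of (NB_FLAGS, IPv4) pairs
            for i in range(off, off + rdlen, 6):
                addrs.append(str(ipaddress.IPv4Address(data[i + 2:i + 6])))
        off += rdlen
    return addrs

def classify(addrs):
    """Map each resolved address to True if it lies in an expected internal range, else False."""
    return {a: any(ipaddress.ip_address(a) in n for n in INTERNAL_NETS) for a in addrs}

def query_wins(server, name, timeout=2.0):
    """Send one query to a WINS server on UDP/137 and classify what it returns."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_nbns_query(name), (server, 137))
        data, _ = s.recvfrom(512)
    return classify(parse_nbns_response(data))

if __name__ == "__main__":
    # Constructed sample mimicking the thread's symptom: an internal name answered with an outside IP.
    sample = build_nbns_response("FILESRV", ["64.202.167.129"])
    print(classify(parse_nbns_response(sample)))   # {'64.202.167.129': False}
```

Run `query_wins("<Correct Samba DC IP>", "<name>")` from a VPN-connected host and from an inside host; a False entry from the VPN side only points at what is answering (or rewriting) port 137 traffic on that path.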

networks
Level 1

Hi,

Is this happening to only a single laptop, or are all the users experiencing the same issues? I would also suggest checking the PIX logs to verify whether the WINS requests are actually being passed through the PIX.

Hi.

Thanks for the response. This problem is occurring for everyone using the VPN.

I have not seen anything unusual in the PIX logs. Actually, I'm not seeing anything at all in the logs, at least through PDM. I'm still only starting out with PIX firewalls. Is there a better way to view the logs?

Thanks!

- CLC

Post the config with the public IP masked.

Here ya go! Please see attachment.

- CLC

Just a quick thought.

When the VPN is up, can they ping each other? I mean the remote PC and the internal DNS server. It seems like the remote PC wasn't able to connect to the internal DNS server, so it sent the request to the public one.

mrchavez
Level 1

I am having a very similar problem. I can connect and receive my listed DNS and WINS server addresses when I do an ipconfig /all. I can see my active session from ASDM and receive a valid IP from my pool. However, I cannot access local resources, DNS, email, etc. What is even weirder is that this only affects some workstations, not all.

Ivan Martinon
Level 7

Is NetBIOS over TCP enabled on the remote hosts?

Yes. I have enabled my logs and see:

Successful connect: Atch. what2

Bad connect: Atch. what
