09-29-2005 04:51 PM - edited 02-21-2020 12:26 AM
Using Cisco VPN Client against a PIX firewall. Internal WINS Server is a Linux/Samba domain controller. Everything has worked great for over a year and everything still works great INSIDE the firewall. Suddenly however, VPN users are unable to get accurate NetBIOS name resolution from the WINS server. All internal NetBIOS names resolve to an outside address. (Always the same one too.)
It's as if Ports 137 & 138 are blocked or even redirected, but I'm not seeing any rules to that effect. What puzzles me the most is that names are resolving, but to some outside IP address.
________________
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : <Our Domain Name>
Description . . . . . . . . . . . : Cisco Systems VPN Adapter
Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.5.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : <Linux DNS IP>
24.221.30.4
Primary WINS Server . . . . . . . : <Correct Samba DC IP>
Secondary WINS Server . . . . . . : <Correct Samba DC IP>
P:\>
Placing the Samba server in the lmhosts file has not helped in getting accurate resolution of other NetBIOS hosts.
Any help you can provide is much appreciated!
- CLC
09-30-2005 09:41 AM
Note: Here is an example of pinging a NetBIOS host from a PC running Cisco VPN Client:
P:\>ping
Pinging
Reply from 64.202.167.129: bytes=32 time=40ms TTL=110
Reply from 64.202.167.129: bytes=32 time=39ms TTL=110
Reply from 64.202.167.129: bytes=32 time=40ms TTL=110
Reply from 64.202.167.129: bytes=32 time=39ms TTL=110
Ping statistics for 64.202.167.129:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 40ms, Average = 39ms
P:\>
____________
Yup. Everything looks great. However, 64.202.167.129 is the wrong address! Furthermore, it's *not* an inside address and is *not* associated with us in any way. This name resolution is not coming from DNS and it is resolved correctly by PCs inside the net. The incorrect name resolution also stops when we disconnect from the VPN.
The problem does not seem to be with the VPN client because I can use it against other PIX firewalls without issue. It also began impacting all VPN users on this PIX simultaneously.
Hope this sheds a bit more light on the issue.
Thanks!
- CLC
10-05-2005 01:35 PM
Hi,
Is this happening to only a single laptop or are all the users experiencing the same issues? Would also suggest maybe checking the PIX logs to verify if the WINS requests are actually being passed through the PIX.
10-05-2005 05:06 PM
Hi.
Thanks for the response. This problem is occurring for everyone using the VPN.
I have not seen anything unusual in the PIX logs. Actually, I'm not seeing anything at all in the logs, at least through PDM. I'm still only starting out with PIX firewalls. Is there a better way to view the logs?
Thanks!
- CLC
10-12-2005 09:44 PM
post the config with public ip masked.
10-13-2005 09:18 AM
10-13-2005 03:44 PM
just a quick thought.
when the vpn is up, can they ping each other? i mean the remote pc and the internal dns server. it seems like the remote pc wasn't able to connect to the internal dns server, so it sent the request to the public one.
04-07-2009 01:27 PM
I am having a very similar problem. I can connect and receive my listed DNS and WINS server addresses when I do an ipconfig /all. I can see my active session from ASDM and receive a valid IP from my pool. However, I cannot access local resources, DNS, email, etc. What is even weirder is that this only affects some workstations, not all.
04-08-2009 06:32 AM
Is NetBIOS over TCP enabled on the remote hosts?
04-08-2009 08:06 AM