01-25-2011 11:37 AM - edited 03-11-2019 12:39 PM
I have a site-to-site VPN set up between our ASA 5510 and a PIX 515. Everything works fine with the domain controllers syncing from the remote site to the main site. I am having an issue with our backup server not being able to connect to the server via RPC (from ASA side to PIX side). It is giving me an "RPC server is unavailable" error. How can I test to see which appliance is blocking this traffic, and what do I need to add to that side to make this work? Thanks in advance for any assistance you can provide.
01-25-2011 01:25 PM
Hi Darren,
The problem is that the server on the ASA side is not able to RPC to a server on the PIX side through the VPN, correct?
Most likely there's an ACL applied to the inside (or the ASA's interface connected to the server) that is not allowing this traffic; please check on this.
One test could be a simple PING to check if you have IP connectivity between both servers through the tunnel in that direction (if allowed).
Federico.
01-25-2011 01:57 PM
Thank you for your offer of assistance.
I can ping both ways. I have permit any any on the inside interface of the ASA. The only ACL on the PIX outbound is for the NAT control of the interesting traffic to the private side via the tunnel. The domain controllers can do everything they need across the tunnel. The only time I have any issue is when our NAS device tries to connect to the server. The NAS device and PDC are on the ASA side. The BDC is on the PIX side.
Thanks,
Darren
01-25-2011 02:01 PM
Darren,
If that's the case I think the next step in troubleshooting would be to check the logs and captures.
You can search the logs on the ASA/PIX and pipe for the IP addresses in question and check if there's any connection teardown or similar error.
An excellent way to gather a communication problem between two hosts is to use the capture command and open it with Wireshark to analyze the flow.
http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/c1.html#wp2147322
Federico.
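The log search suggested in the reply above, as an added example that is not part of the original thread: it filters ASA/PIX syslog text for the two hosts and separates ACL denies (message 106023) from TCP teardowns (message 302014), which shows whether the firewall dropped the flow or passed it. The addresses, ACL name and log lines are constructed, and the `acl-deny` / `no-reply` / `passed` labels are this example's own.

```python
import re

# Constructed sample syslog (addresses, ports, connection ids and ACL name are made up).
SAMPLE_LOG = """\
Jan 25 2011 14:02:11: %ASA-6-302013: Built outbound TCP connection 4101 for outside:10.2.0.5/135 (10.2.0.5/135) to inside:10.1.0.20/49200 (10.1.0.20/49200)
Jan 25 2011 14:02:11: %ASA-6-302014: Teardown TCP connection 4101 for outside:10.2.0.5/135 to inside:10.1.0.20/49200 duration 0:00:00 bytes 412 TCP FINs
Jan 25 2011 14:02:12: %ASA-6-302014: Teardown TCP connection 4102 for outside:10.2.0.5/49155 to inside:10.1.0.20/49201 duration 0:00:30 bytes 0 SYN Timeout
Jan 25 2011 14:02:13: %ASA-4-106023: Deny tcp src inside:10.1.0.20/49202 dst outside:10.2.0.5/49156 by access-group "inside_in" [0x0, 0x0]
Jan 25 2011 14:02:14: %ASA-6-302014: Teardown TCP connection 4200 for outside:10.2.0.9/445 to inside:10.1.0.30/50000 duration 0:00:01 bytes 90 TCP FINs
"""

# 302014: TCP connection teardown, with byte count and teardown reason.
TEARDOWN = re.compile(r'%(?:ASA|PIX)-6-302014: Teardown TCP connection \d+ for '
                      r'\S+?:([\d.]+)/(\d+) to \S+?:([\d.]+)/(\d+) '
                      r'duration \S+ bytes (\d+) (.+)')
# 106023: packet denied by an ACL bound with access-group.
DENY = re.compile(r'%(?:ASA|PIX)-4-106023: Deny \S+ src \S+?:([\d.]+)/(\d+) '
                  r'dst \S+?:([\d.]+)/(\d+) by access-group "([^"]+)"')

def triage(log_text, host_a, host_b):
    """Return (kind, first_port, second_port, detail) per event between the two hosts."""
    pair, events = {host_a, host_b}, []
    for line in log_text.splitlines():
        d, t = DENY.search(line), TEARDOWN.search(line)
        if d and {d.group(1), d.group(3)} == pair:
            # This firewall dropped the packet; detail is the ACL name.
            events.append(("acl-deny", int(d.group(2)), int(d.group(4)), d.group(5)))
        elif t and {t.group(1), t.group(3)} == pair:
            reason = t.group(6).strip()
            # SYN Timeout: the firewall allowed the SYN but the handshake never completed.
            # Anything else with data exchanged: the firewall passed the flow.
            kind = "no-reply" if reason == "SYN Timeout" else "passed"
            events.append((kind, int(t.group(2)), int(t.group(4)), reason))
    return events

if __name__ == "__main__":
    for event in triage(SAMPLE_LOG, "10.1.0.20", "10.2.0.5"):
        print(event)
```

RPC starts on TCP 135 and then moves to a dynamically assigned port, so a `passed` event on 135 followed by `acl-deny` or `no-reply` on a high port points at the firewall or path, while `passed` on both points at the hosts.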
01-26-2011 10:49 AM
When I sniff this I get an ISystemActivator Malformed packet response from the NAS device responding to the BDC. Are you familiar with this type of error? It would appear that this is not a network issue, but rather an OS issue with their negotiation failing. Would you concur?
01-26-2011 10:51 AM
Darren,
I would agree with you.
No network issue... seems like an OS problem.
Hope you can solve the problem.
Federico.
01-26-2011 10:53 AM
Thanks for your help.