Unable to access local Share Drive and https Webportal internally

ismail.mdothman
Level 1

Hi All,


I need to get further help. I can't access the network share drive and HTTPS after connecting with the Cisco VPN client.

What I realized is that, after connecting with Cisco VPN client version 5.0.0.7.0.290, I can only ping the IP address and the DNS name but can't ping the hostname. I am running ASA version 9.6(1). The DNS is installed in the internal network (192.168.55.0/24). The VPN IP pool is leased from the Core Switch, under the VPN VLAN (10.8.16.0/24), and I have created a subinterface on the ASA for the VPN DHCP IP leasing.
Below is some of the config done for the client VPN (IKEv1). Thank you for reading and for your assistance.

!
interface GigabitEthernet1/1
description ** INTERNAL Network **
nameif Inside
security-level 100
ip address 192.168.55.251 255.255.255.0
!
interface GigabitEthernet1/1.16
vlan 16
nameif VPN
security-level 100
ip address 10.8.16.2 255.255.255.0
!
interface GigabitEthernet1/2
description ** INTERNET **
nameif Outside
security-level 0
ip address 123.45.678.9 255.255.255.248
!

access-list Outside_access_in extended permit icmp 10.8.16.0 255.255.255.0 192.168.55.0 255.255.255.0 echo
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 10.8.16.0 255.255.255.0 object-group DM_INLINE_NETWORK_20
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_4 10.8.16.0 255.255.255.0 192.168.55.0 255.255.255.0
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_6 192.168.55.0 255.255.255.0 10.8.16.0 255.255.255.0
access-list Inside_access_in_1 extended permit object-group DM_INLINE_SERVICE_8 10.8.16.0 255.255.255.0 192.168.55.0 255.255.255.0
access-list TCP_BYPASS extended permit object-group DM_INLINE_SERVICE_5 10.8.16.0 255.255.255.0 192.168.55.0 255.255.255.0
access-list PRPGRemoteVPN_SplitTunnelPolicy standard permit 192.168.55.0 255.255.255.0
access-list PRPGRemoteVPN_SplitTunnelPolicy standard permit 10.8.16.0 255.255.255.0

object-group service DM_INLINE_SERVICE_1
service-object ip
service-object udp destination eq domain

object-group service DM_INLINE_SERVICE_4
service-object ip
service-object udp destination eq domain
service-object tcp destination eq hostname
service-object tcp destination eq https
service-object udp destination eq dnsix

object-group service DM_INLINE_SERVICE_5
service-object ip
service-object icmp
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq netbios-ns
service-object tcp destination eq hostname
service-object tcp destination eq https

object-group service DM_INLINE_SERVICE_6
service-object ip
service-object tcp destination eq hostname
service-object tcp destination eq https
service-object udp destination eq domain
service-object udp destination eq dnsix

object-group service DM_INLINE_SERVICE_8
service-object ip
service-object tcp
service-object tcp destination eq hostname
service-object tcp destination eq https
service-object udp destination eq domain
!
nat (Inside,Outside) source static Network-192.168.55.0 Network-192.168.55.0 destination static VLAN16 VLAN16 no-proxy-arp
!
group-policy PRPGRemoteVPN_SalesKL internal
group-policy PRPGRemoteVPN_SalesKL attributes
dns-server value 192.168.55.204 192.168.55.201
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value PRPGRemoteVPN_SplitTunnelPolicy
vpn-group-policy PRPGRemoteVPN_SalesKL
service-type remote-access
username Sales-4 password eELoovXD.3PA93ev encrypted
username Sales-4 attributes
!
tunnel-group PRPGRemoteVPN_SalesKL type remote-access
tunnel-group PRPGRemoteVPN_SalesKL general-attributes
default-group-policy PRPGRemoteVPN_SalesKL
dhcp-server link-selection 10.8.16.1
tunnel-group PRPGRemoteVPN_SalesKL ipsec-attributes
ikev1 pre-shared-key *****
!

!
class-map TCP_BYPASS
match access-list TCP_BYPASS
class-map sfr
match access-list sfr_redirect
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class TCP_BYPASS
set connection advanced-options tcp-state-bypass
class sfr
sfr fail-open monitor-only
class class-default
user-statistics accounting
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
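
An added example, not part of the original post: a small Python audit over ASA configuration lines like the ones pasted above. It flags service object-groups that contain `service-object ip` (which matches every IP protocol and port, so the port-specific entries beside it restrict nothing) and any `tcp-state-bypass` class whose ACL uses such a group. The function names and the shortened sample are constructed for this example.

```python
# Constructed sample: a shortened subset of the configuration in the post,
# kept un-indented the way the forum paste flattened it.
SAMPLE_CONFIG = """\
access-list Inside_access_in_1 extended permit object-group DM_INLINE_SERVICE_8 10.8.16.0 255.255.255.0 192.168.55.0 255.255.255.0
access-list TCP_BYPASS extended permit object-group DM_INLINE_SERVICE_5 10.8.16.0 255.255.255.0 192.168.55.0 255.255.255.0
object-group service DM_INLINE_SERVICE_5
service-object ip
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_8
service-object ip
service-object udp destination eq domain
class-map TCP_BYPASS
match access-list TCP_BYPASS
policy-map global_policy
class TCP_BYPASS
set connection advanced-options tcp-state-bypass
"""

def parse(config):
    """Return (service groups, ACL -> groups used, class-map -> ACL, bypass classes)."""
    groups, acls, cmap_acl, bypass, ctx = {}, {}, {}, set(), (None, None)
    for words in (l.split() for l in config.splitlines() if l.strip()):
        if words[:2] == ["object-group", "service"]:
            ctx = ("group", words[2])
            groups[words[2]] = []
        elif words[0] in ("class-map", "class"):
            ctx = (words[0], words[-1])      # block name is the last word
        elif words[0] == "service-object" and ctx[0] == "group":
            groups[ctx[1]].append(" ".join(words[1:]))
        elif words[:2] == ["match", "access-list"] and ctx[0] == "class-map":
            cmap_acl[ctx[1]] = words[2]
        elif "tcp-state-bypass" in words and ctx[0] == "class":
            bypass.add(ctx[1])
        elif words[0] == "access-list":
            used = [words[i + 1] for i, w in enumerate(words[:-1]) if w == "object-group"]
            acls.setdefault(words[1], []).extend(used)
    return groups, acls, cmap_acl, bypass

def audit(config):
    """List ACLs that permit any IP via a service group, and bypass classes using them."""
    groups, acls, cmap_acl, bypass = parse(config)
    broad = {g for g, objs in groups.items() if "ip" in objs}
    findings = []
    for acl, used in sorted(acls.items()):
        for g in used:
            if g in broad:  # last field: entries made redundant by "service-object ip"
                findings.append(("any-ip", acl, g, len(groups[g]) - 1))
    for cls in sorted(bypass):
        acl = cmap_acl.get(cls)
        if any(g in broad for g in acls.get(acl, [])):
            findings.append(("bypass-any-ip", cls, acl, None))
    return findings
```

Each `any-ip` finding names the ACL, the group, and how many narrower entries that group's `service-object ip` line makes redundant; a `bypass-any-ip` finding means all TCP between the ACL's networks skips stateful checks.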

 

 

 
