09-08-2005 12:23 PM - edited 03-03-2019 10:27 AM
I recently set up Cisco VPN access for some of our remote users. While the users are VPN'd in, they are not able to access resources using the UNC name. The IP address works, just not the UNC name. I think it is something in my ACL. Can someone offer any suggestions as to what I might be missing? Below is the current config:
resource policy
!
ip subnet-zero
!
ip cef
ip inspect name fw ftp timeout 3600
ip inspect name fw h323 timeout 3600
ip inspect name fw http java-list 3 timeout 3600
ip inspect name fw rcmd timeout 3600
ip inspect name fw realaudio timeout 3600
ip inspect name fw tcp timeout 3600
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 15
ip inspect name fw vdolive timeout 3600
ip inspect name fw streamworks timeout 3600
ip inspect name fw sqlnet timeout 3600
ip inspect name fw dns timeout 3600
ip inspect name fw pop3 timeout 3600
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
ip domain name indydomain.local
ip name-server 10.1.35.52
ip name-server 10.1.34.55
!
interface Loopback0
ip address 192.168.34.1 255.255.255.0
!
interface FastEthernet0/0
description connected to 10.1.34.0
ip address 10.1.34.2 255.255.255.0
ip helper-address 10.1.35.52
ip helper-address 10.1.34.55
no ip redirects
ip nat inside
no ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0/0
description PTP to Greenwood
ip address 10.0.0.2 255.255.255.248
ip nat inside
no ip virtual-reassembly
service-module t1 clock source internal
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
!
interface Serial0/1/0
description PTP to Internet
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip access-group 100 in
ip inspect fw out
ip nat outside
no ip virtual-reassembly
ip route-cache flow
service-module t1 timeslots 1-24
crypto map rtp
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip local pool VPNPool 172.16.0.1 172.16.0.254
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 XXX.114.64.209
ip route 10.1.35.0 255.255.255.0 10.0.0.3
!
ip nat inside source route-map nonat interface Serial0/1/0 overload
ip nat inside source static 10.1.34.59 xxx.114.118.1
ip nat inside source static 10.1.34.156 xxx.114.118.2
ip nat inside source static 10.1.35.56 xxx.114.118.3
ip nat inside source static 10.1.35.253 xxx.114.118.4
ip nat inside source static 10.1.34.55 xxx.114.118.5
ip nat inside source static 10.1.35.52 xxx.114.118.10
!
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 100 permit tcp any host xxx.114.118.1 eq 3389
access-list 100 permit tcp any host xxx.114.118.2 eq 3389
access-list 100 permit tcp any host xxx.114.118.3 eq 5900
access-list 100 permit tcp any host xxx.114.118.4 eq 5900
access-list 100 permit tcp any host xxx.114.118.5 eq 3389
access-list 100 permit tcp any host xxx.114.118.10 eq 3389
access-list 100 permit udp any host xxx.114.64.210 eq isakmp
access-list 100 permit udp any host xxx.114.64.210 eq non500-isakmp
access-list 100 permit udp any host xxx.114.64.210 eq 10000
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any host-unreachable
access-list 100 permit icmp any any time-exceeded
access-list 101 deny ip 10.1.34.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 101 deny ip 10.1.35.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 101 permit ip 10.1.34.0 0.0.0.255 any
access-list 101 permit ip 10.1.35.0 0.0.0.255 any
access-list 101 permit ip 10.1.36.0 0.0.0.255 any
access-list 101 permit ip 10.0.0.0 0.0.0.7 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 150 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.0.255
route-map nonat permit 10
match ip address 101
09-14-2005 01:29 PM
For accessing resources or folders through the firewall, you can either use the Universal Naming Convention (UNC), entering \\resource_name, for example; or you can double-click the Network Neighborhood icon.
09-15-2005 10:46 AM
When the users are VPN'd in, they are essentially on the network. The access list applied to the crypto isakmp client configuration is ACL 150. ACL 150 reads:
access-list 150 remark ACL for crypto isakmp client configuration group
access-list 150 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.0.255
Shouldn't this be allowing all the traffic required to access net resources?
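Added example, not part of the thread: a small evaluator that applies Cisco wildcard-mask, first-match ACL semantics to the lines posted above, so the two lists that decide whether a LAN host can answer a VPN client can be checked offline. It assumes, as the follow-up states, that ACL 150 is the split-tunnel list in the client configuration group, and that ACL 101 is the one matched by route-map nonat (as the posted config shows). The ACL text and the host/client addresses are constructed test input copied from the post; the crypto isakmp client configuration group itself (including any dns/wins entries handed to clients, which is what a UNC name lookup depends on) is not in the posted config and so cannot be checked here.

```python
import ipaddress

# ACL lines copied from the posted config (constructed test input, limited to
# the entries that matter for the VPN pool; the router has more lines).
ACL_TEXT = """
access-list 101 deny ip 10.1.34.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 101 deny ip 10.1.35.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 101 permit ip 10.1.34.0 0.0.0.255 any
access-list 101 permit ip 10.1.35.0 0.0.0.255 any
access-list 101 permit ip 10.1.36.0 0.0.0.255 any
access-list 101 permit ip 10.0.0.0 0.0.0.7 any
access-list 150 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.0.255
"""

SPLIT_TUNNEL_ACL = "150"   # list named in the crypto isakmp client configuration group (per the post)
NONAT_ACL = "101"          # list matched by "route-map nonat permit 10"


def _parse_addr(parts, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at parts[i].

    Returns ((network, wildcard), next_index) with both values as 32-bit ints.
    """
    tok = parts[i]
    if tok == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok == "host":
        return (int(ipaddress.IPv4Address(parts[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tok))
    wild = int(ipaddress.IPv4Address(parts[i + 1]))
    return (net, wild), i + 2


def parse_acls(text):
    """Build {acl_number: [(action, src, dst), ...]} from numbered 'ip' entries."""
    acls = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "access-list" or parts[3] != "ip":
            continue  # remarks and non-'ip' protocol entries are not modelled
        number, action = parts[1], parts[2]
        src, i = _parse_addr(parts, 4)
        dst, _ = _parse_addr(parts, i)
        acls.setdefault(number, []).append((action, src, dst))
    return acls


def wildcard_match(addr, entry):
    """Cisco wildcard semantics: a 1 bit in the mask means 'do not compare'."""
    net, wild = entry
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)


def evaluate(entries, src, dst):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, s, d in entries:
        if wildcard_match(src, s) and wildcard_match(dst, d):
            return action
    return "deny"


def vpn_return_path(acls, lan_host, vpn_client):
    """Classify the LAN -> VPN-client return path for one pair of addresses.

    tunneled:   the pair is selected by the split-tunnel/crypto ACL (permit).
    nat_exempt: route-map nonat does NOT match it (deny or no match in ACL 101),
                so the packet keeps its private source address for encryption.
    """
    tunneled = evaluate(acls[SPLIT_TUNNEL_ACL], lan_host, vpn_client) == "permit"
    nat_exempt = evaluate(acls[NONAT_ACL], lan_host, vpn_client) != "permit"
    return {"tunneled": tunneled, "nat_exempt": nat_exempt}


def hosts_needing_nat_exemption(acls, lan_hosts, vpn_client):
    """Return the LAN hosts that are tunneled but would still be translated."""
    broken = []
    for host in lan_hosts:
        result = vpn_return_path(acls, host, vpn_client)
        if result["tunneled"] and not result["nat_exempt"]:
            broken.append(host)
    return broken


if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    hosts = ["10.1.34.55", "10.1.35.52", "10.1.36.10", "10.0.0.2"]
    for host in hosts:
        print(host, vpn_return_path(acls, host, "172.16.0.10"))
    print("tunneled but still NATed:", hosts_needing_nat_exemption(acls, hosts, "172.16.0.10"))
```

Run as is, the evaluator confirms what the follow-up expects for the two name servers: 10.1.34.55 and 10.1.35.52 are both selected by ACL 150 and both hit a deny in ACL 101, so their replies to a 172.16.0.x client are not translated. It also shows that ACL 150 (10.0.0.0/8 to the pool) is wider than the two deny lines in ACL 101: a host in 10.1.36.0/24 or on the 10.0.0.0/29 serial link is tunneled by ACL 150 but still matches a permit in ACL 101 and would be translated by route-map nonat before reaching the crypto map. Whether any such hosts exist is not shown in the post.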