
Can't access the share folder from VPN branch office

junaid haroon
Level 1

Hi,

We have a head office and a branch office. Both are connected through VPN. From the head office I want to access the share folder of the branch office (\\ipaddress of share folder). It gives me the error "no logon server available" or "you are not authorized", whereas from the branch office I can access the share folder of the head office.

Following is the configuration of my branch office router. Please help me out.

Current configuration : 3517 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname KHhhI_RTR
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password ***************************
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip name-server 202.163.96.3
ip name-server 202.163.96.4
no ipv6 cef
!
!
voice-card 0
!
!
!
!
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key *********************** address 124.109.46.242
!
!
crypto ipsec transform-set tset esp-des esp-md5-hmac
!
crypto map smap 10 ipsec-isakmp
 set peer 124.109.46.242
 set transform-set tset
 match address 101
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 no shutdown
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface ATM0/2/0
 no shutdown
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username ************ password 0 ******
 crypto map smap
 no shutdown
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
!
ip nat inside source list 111 interface Dialer1 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 124.109.46.245
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
route-map nat permit 10
 match ip address 102
!
!
snmp-server community makkays RO
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
time-range open-hours
!
end

9 Replies

Abzal
Level 7

Hi,

Fix this crypto ACL:

access-list 101 permit ip 192.168.1.0 0.0.0.255 host 124.109.46.245
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
no access-list 101 permit ip 192.168.1.0 0.0.0.255 any

And if there are any other subnets in the branch office, you need to add them to the crypto ACL as well, and deny them in ACL #111.

Hope it will help.

Best regards,
Abzal
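
An added example, not part of the original thread and not Cisco tooling: a Python check of the rule in the reply above, that every branch subnet is permitted toward the head-office LAN in crypto ACL 101, is not translated by NAT ACL 111, and that the crypto ACL has no `permit ... any`. The second branch subnet 192.168.2.0/24 and its NAT line are constructed for illustration; the other ACL lines are the ones first posted.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^\s*access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(.+)$", re.M)

def _net(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))  # contiguous wildcard assumed
    return ipaddress.ip_network(f"{first}/{32 - bin(wildcard).count('1')}")

def parse_acls(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for number, action, rest in ACL_RE.findall(config):
        tokens = rest.split()
        acls.setdefault(number, []).append((action, _net(tokens), _net(tokens)))
    return acls

def first_match(entries, src, dst):
    """Action of the first entry covering src -> dst, or None (implicit deny)."""
    return next((a for a, s, d in entries if src.subnet_of(s) and dst.subnet_of(d)), None)

def audit(config, local_nets, remote_net, crypto_acl="101", nat_acl="111"):
    """List mismatches between the crypto ACL and the NAT ACL for site-to-site traffic."""
    acls, remote, findings = parse_acls(config), ipaddress.ip_network(remote_net), []
    crypto, nat = acls.get(crypto_acl, []), acls.get(nat_acl, [])
    for action, src, dst in crypto:
        if action == "permit" and dst.prefixlen == 0:
            findings.append(f"ACL {crypto_acl}: permit {src} -> any is too broad for a crypto ACL")
    for local in map(ipaddress.ip_network, local_nets):
        if first_match(crypto, local, remote) != "permit":
            findings.append(f"ACL {crypto_acl}: {local} -> {remote} is not selected for the tunnel")
        if first_match(nat, local, remote) == "permit":
            findings.append(f"ACL {nat_acl}: {local} -> {remote} is NATed instead of exempted")
    return findings

# ACL lines as first posted in the thread; the last line is constructed for an
# assumed second branch subnet 192.168.2.0/24 that is not on the page.
SAMPLE = """access-list 101 permit ip 192.168.1.0 0.0.0.255 host 124.109.46.245
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit ip 192.168.2.0 0.0.0.255 any"""
```

Calling `audit(SAMPLE, ["192.168.1.0/24", "192.168.2.0/24"], "192.168.0.0/24")` returns one finding for the `any` entry and two for the constructed second subnet.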


Hi,

I did the same ACL as you said but am still facing an issue.

Hi,

Then show your current fixed config. Can you ping that server from Head office?

Show some output:

show crypto ipsec sa
show crypto session
show crypto session detail
debug crypto ipsec
debug crypto isakmp

Then try to establish a connection.

Hope it will help.

Best regards,
Abzal


Yeah Abzal,

I can ping and take the remote desktop of any PC of the branch office from our head office. But the problem comes when I try to access the share.

OK, then check the firewall on that machine, and whether the folder is shared. It seems the VPN connection works fine. What about the device at the branch office: is there any ACL or firewall turned on? If it doesn't work, show the config from the branch router/firewall.

Hope it will help.

Best regards,
Abzal


Yes, I checked the firewall; it is turned off.

Following is the configuration of the branch router:

Current configuration : 3517 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname KHhhI_RTR
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password ***************************
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip name-server 202.163.96.3
ip name-server 202.163.96.4
no ipv6 cef
!
!
voice-card 0
!
!
!
!
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key *********************** address 124.109.46.242
!
!
crypto ipsec transform-set tset esp-des esp-md5-hmac
!
crypto map smap 10 ipsec-isakmp
 set peer 124.109.46.242
 set transform-set tset
 match address 101
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 no shutdown
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface ATM0/2/0
 no shutdown
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username ************ password 0 ******
 crypto map smap
 no shutdown
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
!
ip nat inside source list 111 interface Dialer1 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 124.109.46.245
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
route-map nat permit 10
 match ip address 102
!
!
snmp-server community makkays RO
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
time-range open-hours
!
end

Is your problem solved? If not, then show the config of the head office.

Try this from any PC in the head office:

telnet <server_from_branch> 445

server_from_branch - IP address of the PC in the branch whose shared folder you cannot access.

Hope it will help.

Best regards,
Abzal


No, not resolved.

Sorry, actually I accidentally clicked on the Correct Answer tab. Abzal, I don't think the problem is the head office firewall, because all other branch offices' VPNs are terminated on the PIX firewall at the head office (hub-and-spoke VPN). All other branches are working fine.

When I telnet this, it gives me a "not connected" message.

I think the problem is on that PC in the branch.

What if you:

1. Try to open the shared folder that you're having a problem with from any branch PC.

2. Try to open the folder from any other head office PC (from different PCs).

Hope it will help.

Best regards,
Abzal
