10-21-2011 05:11 AM - edited 02-21-2020 05:40 PM
I have anyconnect ssl vpn installed and configured on two isr's and an asa - all different networks. On all three, winxp clients work fine(can icmp ping by address, by name, routing fine to all networks, split tunneling fine etc..). The win7 clients cannot render windows file shares however(\\servername), but otherwise work fine. I have noticed that the win7 clients do not even try to negotiate smb with the target server. they negotiate dns fine, but they are not negotiating smb(they stay locked in a tcp communication loop and timeout). The clients are the latest 2.5. could this be a client issue, or something else.
10-21-2011 09:35 AM
Hello Mialbert,
Please explain what data collection and testing you have done to understand if 1) These Windows 7 hosts work without AnyConnect, and 2) How they normally work, and 3) How that differs from Windows XP.
As you may known, VPNs are only concerned with the Layer 3 activity and so the fact that one OS works fine and the other doesn't seems to indicate an OS Level issue, not an AnyConnect issue.
The DNS Server that they are resolving too, is that over the Tunnel? what type of tunnel, Split-Tunnel or Tunnel-All?
It would help you to have
1) A network diagram including the ip addresses of the anyconnect client, dns server, smb server, and the Windows 7 IP when testing on the LAN.
2) 'sh tech' from the ISR configured for sslvpn access
3) simultaneous packet captures from the client & server side during the following tests a) When attempting to mount smb share through anyconnect client connection and b) When mounting smb share through corporate LAN connection. You can then review the differences in the packet capture to see where things are breaking.
4) Perhaps you should also compare a LAN capture of Windows XP to a LAN capture of Windows 7 to understand how the two differ in SMB functionality. I am sure that Microsoft will also be able to help expedite resolution.
Regards,
Craig
10-24-2011 06:45 AM
thanks craig. i've found that this is an av issue. my test station was on win7 plain upgraded it to win7 sp1 and still didn't resolve shares. when i disabled av it worked fine. This is the latest version of trend(7.0). ever heard of any issues with trend and anyconnect.
10-24-2011 10:00 AM
Hello Mialbert,
Yes we have seen security software cause issues with network connectivity. And as you found it was not a Cisco AnyConnect issue.
-Craig
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: