Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2530
Views
0
Helpful
3
Replies

anyconnect and windows file shares with windows 7

mialbert
Level 1
Level 1

‎10-21-2011 05:11 AM - edited ‎02-21-2020 05:40 PM

I have anyconnect ssl vpn installed and configured on two isr's and an asa - all different networks. On all three, winxp clients work fine(can icmp ping by address, by name, routing fine to all networks, split tunneling fine etc..). The win7 clients cannot render windows file shares however(\\servername), but otherwise work fine.  I have noticed that the win7 clients do not even try to negotiate smb with the target server.  they negotiate dns fine, but they are not negotiating smb(they stay locked in a tcp communication loop and timeout).  The clients are the latest 2.5.  could this be a client issue, or something else. 

Labels:
0 Helpful
3 Replies 3

Craig Lorentzen
Cisco Employee
Cisco Employee

‎10-21-2011 09:35 AM

Hello Mialbert,

Please explain what data collection and testing you have done to understand if 1) These Windows 7 hosts work without AnyConnect, and 2) How they normally work, and 3) How that differs from Windows XP.

As you may known, VPNs are only concerned with the Layer 3 activity and so the fact that one OS works fine and the other doesn't seems to indicate an OS Level issue, not an AnyConnect issue.

The DNS Server that they are resolving too, is that over the Tunnel?  what type of tunnel, Split-Tunnel or Tunnel-All?

It would help you to have

1) A network diagram including the ip addresses of the anyconnect client, dns server, smb server, and the Windows 7 IP when testing on the LAN.

2) 'sh tech' from the ISR configured for sslvpn access

3) simultaneous packet captures from the client & server side during the following tests a) When attempting to mount smb share through anyconnect client connection and b) When mounting smb share through corporate LAN connection.  You can then review the differences in the packet capture to see where things are breaking.

4) Perhaps you should also compare a LAN capture of Windows XP to a LAN capture of Windows 7 to understand how the two differ in SMB functionality.  I am sure that Microsoft will also be able to help expedite resolution.

Regards,

Craig

0 Helpful

mialbert
Level 1
Level 1
In response to Craig Lorentzen

‎10-24-2011 06:45 AM

thanks craig.  i've found that this is an av issue.  my test station was on win7 plain upgraded it to win7 sp1 and still didn't resolve shares.  when i disabled av it worked fine.  This is the latest version of trend(7.0).  ever heard of any issues with trend and anyconnect. 

0 Helpful

Craig Lorentzen
Cisco Employee
Cisco Employee
In response to mialbert

‎10-24-2011 10:00 AM

Hello Mialbert,

Yes we have seen security software cause issues with network connectivity.  And as you found it was not a Cisco AnyConnect issue.

-Craig

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents