
ASA Clientless VPN - Smart-tunnel process mstsc.exe

#TCN
Level 1

Hello

I have successfully configured a smart-tunnel process (mstsc.exe) which works great using IP address. (ASA Code 9.6)

e.g.

When connected to my clientless VPN I can open my local Remote Desktop client within Windows, then enter the IP address of the internal PC / server etc. This connects just fine.

I am unable to get this working using the DNS name (FQDN) of the PC or server, e.g. from within my Remote Desktop Connection I enter pc123 or pc123.domain.com - this fails to connect.

From the ASA I can ping the above PC / server using the FQDN without any issues.

Can you help?

Jim,

Accepted Solution

Rahul Govindan
VIP Alumni

Do you have some smart tunnel network policy in place to allow access to only certain networks internally?

Yes, I believe I do, Rahul.

There is a smart-tunnel application list containing mstsc.exe and also a smart-tunnel network policy that contains the subnet for the DNS server - this is enabled on the group policy.

On the smart-tunnel network policy the tunnel option is set to "use smart tunnel for the specified network".

Cheers

Jim

You may have to add the hostname of the server to the smart tunnel list in order to do DNS resolution for it. The smart tunnel list has sections for both IP address and hostname. This also shows up as an info message in the ASDM when configuring the list. See attached.

Yes, good spot Rahul.

I will add the /32 IP address and hostname to the network list and update you soon.

Thanks again.

Jim

Hi Rahul

Thanks for pointing me in the right direction - I got this working by adding *.domain.com (star.domain.com) to the smart tunnel network list.

I can now RDP to any machine on the LAN, e.g. PC123.domain.com.

My next challenge will be to get this working minus the full domain name e.g. PC123

I have marked this as correct and 5/5 for your help.

Cheers

Jim.
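The configuration the thread arrives at, as an added example that is not from the original posts: an application list carrying mstsc.exe, a network list with both an IP entry and a hostname entry, and a group policy that tunnels only the specified network. The names RDP-APPS, RDP-NET and GP-CLIENTLESS, and the 10.0.0.0/24 subnet, are assumed; domain.com is the placeholder the thread itself uses.

```cisco
! Added example, not the thread's own config. Object names and the
! 10.0.0.0/24 subnet are assumed; domain.com is the thread's placeholder.
webvpn
 ! Application list: only mstsc.exe is wrapped by the smart tunnel.
 smart-tunnel list RDP-APPS RDP mstsc.exe
 !
 ! Network list. An IP entry alone covers connections made by address,
 ! which is why mstsc.exe worked with an IP but not with pc123.domain.com.
 smart-tunnel network RDP-NET ip 10.0.0.0 255.255.255.0
 ! Hostname entry so names typed into mstsc.exe are resolved and tunnelled.
 ! A wildcard matches every host in the domain; keep the mask as narrow
 ! as the use case allows (a single host mask is also valid here).
 smart-tunnel network RDP-NET host *.domain.com
!
group-policy GP-CLIENTLESS attributes
 webvpn
  smart-tunnel enable RDP-APPS
  ! "use smart tunnel for the specified network" in ASDM terms:
  ! traffic to anything outside RDP-NET is not tunnelled.
  smart-tunnel tunnel-policy tunnelspecified RDP-NET
```

Confirm the result with `show running-config webvpn` and `show running-config group-policy GP-CLIENTLESS`; a host that is neither in the IP range nor matched by a host mask will still fail by name under a tunnelspecified policy.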