Solved: Re: Some Windows file shares not visible via clientless ssl vpn

cgsmithjr · ‎12-14-2010

Hi,

I have an ASA 5505 with the SSC module and have been able to get the ssl vpn up and running however, for some reason, a few of the shared folders will not show up when I login. I've checked the permissions for the shared folders that don't show up versus the ones that do, and they are exactly the same.

Thanks,

Chauncey

hdashnau · ‎12-15-2010

Please remember to rate the posts that helped you and mark the question as resolved if this addressed the issue. Thanks!

View solution in original post

hdashnau · ‎12-14-2010

You might have a webvpn acl applied on the ASA that only allows you access to certain shares. Web-type acls can be applied in the dynamic access policies, group policies or user attributes.

cgsmithjr · ‎12-14-2010

Would this have be done by default? I'm pretty sure I did not setup any such

acls and I'm the only one with access to this device. This behavior has

existed since day 1.

Thanks!

On Tue, Dec 14, 2010 at 11:07 AM, hdashnau <

rahgovin · ‎12-15-2010

It would be good to check if you can access the same shares when you connect to your network via anyconnect client.

cgsmithjr · ‎12-15-2010

I have used the Cisco thick client to connect to the same network shares

successfully, but not the AnyConnect client.

On Wed, Dec 15, 2010 at 8:18 AM, rahgovin <

rahgovin · ‎12-15-2010

Are those folders hidden by any chance? How many folders are shown already? And what code are you running on the ASA?

I believe the best way to get a solution for this issue would be to open up a TAC case as it could be a ASA issue.

cgsmithjr · ‎12-15-2010

The folders are not hidden, I compared the permissions for the folders that

are visible with those that are invisible and they were exactly the same and

they are on the same physical disk. There are quite a few folders maybe

10-15 that are visible. Are you thinking there's a limit as to how many

folders can appear in the WebPortal? I'm running 8.2(2). I've opened a case

with TAC, but I was hoping someone had already solved this problem and could

share their experience.

On Wed, Dec 15, 2010 at 10:37 AM, rahgovin <

hdashnau · ‎12-15-2010

It could be the length of the name of the folder which is causing the problem. File shares that have names longer than 13 characters (just the folder name, not the whole share path name) are not visible via Clientless SSL VPN. The CIFS browse server feature does not support double-byte character share names (only supports ascii characters), or the display of share names exceeding 13 characters in length. Refer to MS Articles kb145949<http://support.microsoft.com/kb/145949/> kb160843<http://support.microsoft.com/kb/160843/> for further information. This is a limitation in Microsoft's LANMAN, not ASA software. The server builds this request, which has a fixed name length of 13 characters. LANMAN is an old mechanism for retrieving shares (Windows 95).


You can workaround for the limitation to display the list of these folders , which have names > greater then 13 chars. Remember the limitation is with displaying the list of folders and not actually a limitation to connect to display the content inside the specific folder.

Workaround: The ASA administrator can pre-configure the bookmark(s) for the CIFS folder(s) in question or the user can type in the url/bookmark of the folder (ie. cifs://server/

Example :

cifs://server/Do you remember?

cifs://server/Do%20you%20remember%3F

cgsmithjr · ‎12-15-2010

This worked, thanks!

On Wed, Dec 15, 2010 at 10:57 AM, hdashnau <

hdashnau · ‎12-15-2010

Please remember to rate the posts that helped you and mark the question as resolved if this addressed the issue. Thanks!