I have an ASA 5505 with the SSC module and have been able to get the ssl vpn up and running however, for some reason, a few of the shared folders will not show up when I login. I've checked the permissions for the shared folders that don't show up versus the ones that do, and they are exactly the same.
Solved! Go to Solution.
You might have a webvpn acl applied on the ASA that only allows you access to certain shares. Web-type acls can be applied in the dynamic access policies, group policies or user attributes.
Would this have be done by default? I'm pretty sure I did not setup any such
acls and I'm the only one with access to this device. This behavior has
existed since day 1.
On Tue, Dec 14, 2010 at 11:07 AM, hdashnau <
I have used the Cisco thick client to connect to the same network shares
successfully, but not the AnyConnect client.
On Wed, Dec 15, 2010 at 8:18 AM, rahgovin <
Are those folders hidden by any chance? How many folders are shown already? And what code are you running on the ASA?
I believe the best way to get a solution for this issue would be to open up a TAC case as it could be a ASA issue.
The folders are not hidden, I compared the permissions for the folders that
are visible with those that are invisible and they were exactly the same and
they are on the same physical disk. There are quite a few folders maybe
10-15 that are visible. Are you thinking there's a limit as to how many
folders can appear in the WebPortal? I'm running 8.2(2). I've opened a case
with TAC, but I was hoping someone had already solved this problem and could
share their experience.
On Wed, Dec 15, 2010 at 10:37 AM, rahgovin <
It could be the length of the name of the folder which is causing the problem. File shares that have names longer than 13 characters (just the folder name, not the whole share path name) are not visible via Clientless SSL VPN. The CIFS browse server feature does not support double-byte character share names (only supports ascii characters), or the display of share names exceeding 13 characters in length. Refer to MS Articles kb145949<http://support.microsoft.com/kb/145949/> kb160843<http://support.microsoft.com/kb/160843/> for further information. This is a limitation in Microsoft's LANMAN, not ASA software. The server builds this request, which has a fixed name length of 13 characters. LANMAN is an old mechanism for retrieving shares (Windows 95).
You can workaround for the limitation to display the list of these folders , which have names > greater then 13 chars. Remember the limitation is with displaying the list of folders and not actually a limitation to connect to display the content inside the specific folder.
Workaround: The ASA administrator can pre-configure the bookmark(s) for the CIFS folder(s) in question or the user can type in the url/bookmark of the folder (ie. cifs://server/
cifs://server/Do you remember?