Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
951
Views
0
Helpful
2
Replies

Unable to MS Browse/SMB/CIFS connect over DMVPN

tdorsey123
Level 1
Level 1

‎12-07-2010 03:42 PM - edited ‎02-21-2020 05:00 PM

Technology: Security: VPN and Mobility

Subtechnology: DMVPN (Dynamic Multi-Point VPN)

Problem Code: Configuration Assistance

Software Version: Adv.IP 12.4(15) T13

Routers:
Hub 1811
Spokes 871

Problem Details: I have a DMVPN Hub/Spoke setup and although I can ping, http, and telnet
to port 139 to the server, I cannot map a drive/MS 'browse' to the server.  If I log into
the Hub site through VPN Client the browsing/mapping works fine so I know it is not a end system
or server issue.  Multiple remote sites can also reach the server via a separate MPLS circuit.

Diagram wise:

User <-> Spoke Router <-> Hub Router <-> SMB/Cifs Server

I've tried modifying MTU and enabling/disabling ip virtual reassembly on both ends but no luck.

Does this problem ring a bell to anyone?

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-08-2010 07:32 AM

Hi!

I posted a nice long post about things to check but got disconnected from forums in the meantime :{

I'd start by getting a sniffer trace on server and client at the same time to understand what is exactly being dropped or mangled.

Regarding tweaking of MTU, I'd tweak MSS on tunnel interface not MTU.(start by setting MSS to 1200 and re-check)

I'd check if this is not related to DNS/WINS lookup and try accessing server by IP rather than name, if not already tried.

I'd be also interested if it affects all SMB servers or just this one.

Most modern implementations of SMB use tcp/445 for communication.

What test have you done for HTTP, was it a big page you were trying to access?

I know this doesn't answer your question by at least maybe gives you some pointers.

Marcin

0 Helpful

tdorsey123
Level 1
Level 1
In response to Marcin Latosiewicz

‎12-08-2010 10:28 AM

Thanks Marcin,

     Actually troubleshooting has actually narrowed the problem to the SMB/CIFS server most likely firewalling the DMVPN Networks.  I.E. we were able to SMB/CIFS attach to another server over the DMVPN.(a server that didn't exist at the top of my troubleshooting when I asked for it...:)

I actually had adjusted mss, I was also attemtping to attach by IP, I was leaving packet sniffing as a last resort due to distance between sites...Thanks again for your input

0 Helpful
Customers Also Viewed These Support Documents