01-16-2016 10:09 AM
I recently changed our ASA device from a PIX to a new 5510 with 9.1.2 iOS on it. The device has a VPN tunnel pinned up to our data center where our production servers are. Prior to changing out the ASA, I was able to map a drive to a shared folder on the production servers. Now, after changing it out, I cannot map a drive, but I can connect through an RDP session OK. If I go outside the office and remote in to the data center directly it works fine, so it has to be in the new device and settings.
My question is, why can I use an RDP session but not map a drive?
Is there something that I can check to see if it's set up properly? I need to be able to map a drive again.
Any help would be appreciated.
Jon
01-17-2016 02:18 PM
Hi Jon,
Could you please elaborate on the type of VPN connection?
Also if you could provide the settings for the tunnel that can help in finding the source of the problem.
Maybe there's a filter that is not allowing some connections or an inspection might be causing some issues, but we don't know for sure until we see the configuration.
01-19-2016 08:28 AM
Carl,
This is an L2L pinned up tunnel. It runs from our office to the co-lo data center.
Settings for the tunnel: (tunnel-group, access-list and NAT)
Please advise if all settings are needed.
--------------------
OFFICE(config)# sho run tunnel-group
address-pool VPN-POOL
default-group-policy officeVPN
tunnel-group ehds ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 206.5X.XX.XX type ipsec-l2l
tunnel-group 206.5X.XX.XX ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 20 retry 2
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 206.5X.XX.XX
crypto map outside_map 2 set ikev1 transform-set ESP-3DES-MD5
access-list ehds_splitTunnelAcl line 3 standard permit 192.168.XXX.0 255.255.255.0 (hitcnt=0) 0xc6edbe21
access-list ehds_splitTunnelAcl line 2 standard permit 10.101.XXX.0 255.255.0.0 (hitcnt=0) 0xde97f31c
access-list outside_2_cryptomap; 1 elements; name hash: 0x8d0d4873
access-list outside_2_cryptomap line 1 extended permit ip object NET-LOCAL object DAYTON (hitcnt=14039) 0x6e56d85e
access-list outside_2_cryptomap line 1 extended permit ip 192.168.169.0 255.255.255.0 10.101.0.0 255.255.0.0 (hitcnt=14039) 0x6e56d85e
(inside) to (outside) source static NET-LOCAL NET-LOCAL destination static DAYTON DAYTON
translate_hits = 3565127, untranslate_hits = 3588700
01-19-2016 08:51 AM
Hi Jon,
Are you having this problem across the site to site?
Or is the problem presenting while using remote access?
Do you have any kind of filter applied?
You can try deleting and creating the map-drive from the computer just to make sure that the configuration is correct.
01-19-2016 10:49 AM
This is only happening on the Site-to-Site Tunnel. If I disconnect from the Office ASA and go to the Data Center ASA direct, it will work fine.
No filter that I know of. This is a basic setup for an L2L tunnel and VoIP phone access. Nothing else on it.
01-21-2016 11:26 AM
Try deleting the configuration for the map drive and then creating it again.
You are permitting IP, so you should be able to at least contact the IP using ping; if not, maybe there's an inspection blocking the connection.