
VPN Problems

adamf
Level 1

Hello everyone..

Last night we set up a Pix 506.. we're using pre-shared keys.. and we can connect to the network.. but we seem to be having netbios problems.. we can't fully browse the inside network from the remote location. I can't check email.. ping by netbios names (but I can ping the inside remote network by IP (10.0.0.0 scheme), so I know I'm connecting).. but it seems to be a netbios problem. Anyone had this problem?.. Any suggestions?

2 Replies

r-remien
Level 1

1. Is this a site to site VPN (Router to Pix)?

a. If so, what IOS on the router are you using (the flash file name)?

2. Are you using the nat (inside) 0 command on the 506 to pass IPSEC traffic?

If all these questions are yes, then an access-list somewhere (probably the outgoing access-list bound to the inside interface on the 506) is denying, at a minimum, one or more of the following ports.

TCP port 135 - Allow client to come in via MSRPC

TCP port 139 - The netbios connection. This port is the connection that is maintained during the MAPI session. If you do a netstat -a -n, you will see that you have an "established" connection to IP of mail server:139 while Outlook is open.

UDP port 137 and port 138 - used by WINS and Exchange to allow updates of new changes. (Such as new email being sent to an Outlook client's inbox).

Also, there are 2 TCP ports in the range of 1024-65536 that are used to deliver mail back from the client.

I can get more specific if this is close to your setup.

RJ
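An added example, not part of the original thread or RJ's reply: a small Python check that walks an access-list top-down (first match wins, implicit deny at the end) and reports whether the four ports named in the reply above are permitted. The sample config, the ACL id `inside_out`, and the function names are constructed for illustration; only a simplified subset of the syntax (a trailing `eq` or `range` on the destination) is handled, and addresses are ignored.

```python
# Ports named in the reply above: (protocol, port) -> purpose
REQUIRED = {
    ("tcp", 135): "MSRPC",
    ("tcp", 139): "NetBIOS session (MAPI)",
    ("udp", 137): "NetBIOS name service (WINS)",
    ("udp", 138): "NetBIOS datagram",
}
# Port keywords a config may show instead of numbers; extend as needed.
NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

def port_num(tok):
    return NAMES[tok] if tok in NAMES else int(tok)

def parse_acl(config, acl_id):
    """Return ordered (action, proto, low, high) rules for one access-list."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", acl_id]:
            continue
        action, proto = tok[2], tok[3]
        low, high = 0, 65535  # no port operator: rule covers every port
        if len(tok) >= 6 and tok[-2] == "eq":
            low = high = port_num(tok[-1])
        elif len(tok) >= 7 and tok[-3] == "range":
            low, high = port_num(tok[-2]), port_num(tok[-1])
        rules.append((action, proto, low, high))
    return rules

def verdict(rules, proto, port):
    """First matching rule decides; 'ip' rules match both TCP and UDP."""
    for action, rproto, low, high in rules:
        if rproto in (proto, "ip") and low <= port <= high:
            return action
    return "deny"  # implicit deny when nothing matches

def audit(config, acl_id):
    rules = parse_acl(config, acl_id)
    return {key: verdict(rules, *key) for key in REQUIRED}

# Constructed sample, not taken from the poster's device.
SAMPLE_CONFIG = """\
access-list inside_out permit tcp 10.0.0.0 255.255.255.0 any eq netbios-ssn
access-list inside_out deny udp any any range 137 138
access-list inside_out permit tcp any any eq 80
"""

if __name__ == "__main__":
    for (proto, port), result in audit(SAMPLE_CONFIG, "inside_out").items():
        print(f"{proto}/{port:<4} {REQUIRED[(proto, port)]:<28} {result}")
```

Against the constructed sample this reports TCP 139 as permitted and TCP 135, UDP 137 and UDP 138 as denied, which is the kind of partial block the reply describes.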

j.velasquez
Level 1

try setting your MTU to 1400

and add an ip-helper address for your VPN subnet