我可以 ping 所有网络设备,但 DNS 似乎无法解析它们的主机名。ipconfig
/all 显示我指向了正确的 dns 服务器。
我可以“ping “dnsname””,它可以解析,但无法解析任何其他名称。
设置了拆分隧道,因此外部 DNS 可以正常解析
因此,一个问题可能是 DNS,但是我有服务器共享的 IP 地址,因此我认为我可以通过这种方式访问它。例如:\10.0.0.1\,我也无法通过这种方式访问它,并且我收到“指定的网络名称不再可用”我可以 ping 它但我无法打开共享。
以下是 ASA 配置:
ASA Version 8.2(1)
!
hostname KG-ASA
domain-name example.com
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.253 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
name-server 10.0.0.101
domain-name blah.com
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 10000
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 8333
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 902
access-list SPLIT-TUNNEL-VPN standard permit 10.0.0.0 255.0.0.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool IPSECVPN-POOL 10.0.1.2-10.0.1.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 10000 10.0.0.101 10000 netmask 255.255.255.255
static (inside,outside) tcp interface 8333 10.0.0.101 8333 netmask 255.255.255.255
static (inside,outside) tcp interface 902 10.0.0.101 902 netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 10.0.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dynmap 1 set transform-set myset
crypto dynamic-map dynmap 1 set reverse-route
crypto map IPSEC-MAP 65535 ipsec-isakmp dynamic dynmap
crypto map IPSEC-MAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 70.60.228.0 255.255.255.0 outside
ssh 74.102.150.0 255.255.254.0 outside
ssh 74.122.164.0 255.255.252.0 outside
ssh timeout 5
console timeout 0
dhcpd dns 10.0.0.101
dhcpd lease 7200
dhcpd domain blah.com
!
dhcpd address 10.0.0.110-10.0.0.170 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 63.111.165.21
webvpn
enable outside
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy EASYVPN internal
group-policy EASYVPN attributes
dns-server value 10.0.0.101
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL-VPN
!
tunnel-group client type remote-access
tunnel-group client general-attributes
address-pool (inside) IPSECVPN-POOL
address-pool IPSECVPN-POOL
default-group-policy EASYVPN
dhcp-server 10.0.0.253
tunnel-group client ipsec-attributes
pre-shared-key *
tunnel-group CLIENTVPN type ipsec-l2l
tunnel-group CLIENTVPN ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect icmp
!
service-policy global_policy global
prompt hostname context
我不确定下一步该去哪里进行故障排除
nslookup 结果:默认服务器:blahname.blah.lan 地址:10.0.0.101
答案1
尝试在网络配置中将您的 VPN NIC 设置为第一优先级。
http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/
答案2
这似乎不是 VPN 问题。该共享是 Samba 共享,我可以从其日志中看到我被拒绝访问。我正在提出另一个问题来帮助解决该问题。