Question : Problem: Asa site to site domain problem

Hello,

I am trying to connect a remote office to the main office. I have a site to site vpn working, but when a try to connect a computer from the remote site i received the domain not found error. I have the server in the main office and in the remote office there are only 6 pc's and an unix server.

Here are the configs of my asa:

MAIN OFFICE

: Saved
:
ASA Version 7.2(4)
!
hostname asaAgesco
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.101 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.0.0.10 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list inbound extended permit icmp any any
access-list inbound extended permit tcp any interface outside eq www
access-list In_Agesco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.10.200 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Agesco_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Agesco_in_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Test_splitTunnelAcl standard permit any
access-list Agesco_splitTunnelAcl_1 standard permit any
access-list Otro_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Agesco 192.168.10.50-192.168.10.60 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.10.200 www netmask 255.255.255.255
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.10.0 255.255.255.255 inside
http 192.168.10.0 255.255.255.0 inside
http 192.168.10.200 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs group1
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs group1
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 212.145.203.14
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

webvpn
enable outside
svc image disk0:/sslclient-win-1.1.0.154.pkg 1
svc enable
url-list Srv01bf "DomainServer" cifs://192.168.10.200 1
tunnel-group-list enable
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
webvpn
functions url-entry file-access file-entry file-browsing
svc required
group-policy Agesco internal
group-policy Agesco attributes
dns-server value 192.168.10.200
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Agesco_splitTunnelAcl_1
group-policy Agesco_vpn internal
group-policy Agesco_vpn attributes
dns-server value 192.168.10.200
vpn-tunnel-protocol IPSec
group-policy Otro internal
group-policy Otro attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Otro_splitTunnelAcl
username aprat password rTAoeMnYJbZwfHu3 encrypted
username aprat attributes
vpn-group-policy Agesco
username acalvo password uizH6AKS0Iamm5.e encrypted
username acalvo attributes
vpn-group-policy GroupPolicy1
username minderbk password L6.dQvrKQ8OjeCud encrypted
username minderbk attributes
vpn-group-policy DfltGrpPolicy
username javierzb password LdzKyksIR8gynOzb encrypted
username javierzb attributes
vpn-group-policy DfltGrpPolicy
username alfredoic password 5Nel7kuoiggvqc7j encrypted
username alfredoic attributes
vpn-group-policy Agesco
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy GroupPolicy1
tunnel-group DefaultWEBVPNGroup webvpn-attributes
nbns-server 192.168.10.200 master timeout 2 retry 2
tunnel-group Agesco type ipsec-ra
tunnel-group Agesco general-attributes
address-pool Agesco
tunnel-group Agesco ipsec-attributes
pre-shared-key *
tunnel-group 212.145.203.14 type ipsec-l2l
tunnel-group 212.145.203.14 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:8f745a749eb16582f394ce1a4539962b
: end

REMOTE OFFICE

hostname asaAgescoMad
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.20.99 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.0.0.10 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list inbound extended permit icmp any any
access-list inbound extended permit tcp any interface outside eq www
access-list inbound extended permit tcp any interface outside eq ssh
access-list inbound extended permit tcp any interface outside eq 5430
access-list inbound extended permit tcp any interface outside eq 5431
access-list inbound extended permit tcp any interface outside eq 5432
access-list inbound extended permit tcp any interface outside eq 30865
access-list In_Agesco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.20.198 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list Agesco_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list Agesco_in_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list Test_splitTunnelAcl standard permit any
access-list Agesco_splitTunnelAcl_1 standard permit any
access-list Otro_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Agesco 192.168.20.50-192.168.20.60 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.20.198 www netmask 255.255.255.255
static (inside,outside) tcp interface ssh 192.168.20.198 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 5430 192.168.20.198 5430 netmask 255.255.255.255
static (inside,outside) tcp interface 5431 192.168.20.198 5431 netmask 255.255.255.255
static (inside,outside) tcp interface 5432 192.168.20.198 5432 netmask 255.255.255.255
static (inside,outside) tcp interface 30865 192.168.20.198 30865 netmask 255.255.255.255
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.20.0 255.255.255.255 inside
http 192.168.20.0 255.255.255.0 inside
http 192.168.20.198 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs group1
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs group1
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 85.48.226.150
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.20.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

group-policy Agesco internal
group-policy Agesco attributes
dns-server value 192.168.20.198
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Agesco_splitTunnelAcl_1
group-policy Agesco_vpn internal
group-policy Agesco_vpn attributes
dns-server value 192.168.20.198
vpn-tunnel-protocol IPSec
group-policy Otro internal
group-policy Otro attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Otro_splitTunnelAcl
username aprat password rTAoeMnYJbZwfHu3 encrypted
username aprat attributes
vpn-group-policy Agesco
username acalvo password uizH6AKS0Iamm5.e encrypted
username acalvo attributes
vpn-group-policy DfltGrpPolicy
username gcabezas password 17eggG7OV1hDloE6 encrypted
username gcabezas attributes
vpn-group-policy Agesco
tunnel-group Agesco type ipsec-ra
tunnel-group Agesco general-attributes
address-pool Agesco
tunnel-group Agesco ipsec-attributes
pre-shared-key *
tunnel-group 85.48.226.150 type ipsec-l2l
tunnel-group 85.48.226.150 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:680608b9981a7e0fbf2389d28a42e8be
: end

Thanks for your help.
Albert.-

Answer : Problem: Asa site to site domain problem

The remote computer has the proper DNS and WINS (if applicable) settings, right? You can ping the server, right?

Random Solutions

Problem: ERROR 800: UNABLE TO ESABLISH A VPN CONNECTION

Problem: Laptop Memory Upgrade Question

Problem: Server 2003 memory issue

Problem: Need scanner driver

Problem: Schematics for computer monitors

Problem: Short range wireless distance measurement

Problem: I want to learn about video cards

Problem: How to Choose Which Outlook Folders to Sync with a Blackberry.

Problem: Veritas Backup Exec. Restore Question.

Problem: Yahoo calendar to pda