Question : Problem: Asa site to site domain problem

Hello,

I am trying to connect a remote office to the main office. I have a site to site vpn working, but when a try to connect a computer from the remote site i received the domain not found error. I have the server in the main office and in the remote office there are only 6 pc's and an unix server.

Here are the configs of my asa:

MAIN OFFICE

: Saved
:
ASA Version 7.2(4)
!
hostname asaAgesco
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.101 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.0.0.10 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list inbound extended permit icmp any any
access-list inbound extended permit tcp any interface outside eq www
access-list In_Agesco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.10.200 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list Agesco_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Agesco_in_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Test_splitTunnelAcl standard permit any
access-list Agesco_splitTunnelAcl_1 standard permit any
access-list Otro_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Agesco 192.168.10.50-192.168.10.60 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.10.200 www netmask 255.255.255.255
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.10.0 255.255.255.255 inside
http 192.168.10.0 255.255.255.0 inside
http 192.168.10.200 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs group1
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs group1
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 212.145.203.14
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.0.154.pkg 1
 svc enable
 url-list Srv01bf "DomainServer" cifs://192.168.10.200 1
 tunnel-group-list enable
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 webvpn
  functions url-entry file-access file-entry file-browsing
  svc required
group-policy Agesco internal
group-policy Agesco attributes
 dns-server value 192.168.10.200
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Agesco_splitTunnelAcl_1
group-policy Agesco_vpn internal
group-policy Agesco_vpn attributes
 dns-server value 192.168.10.200
 vpn-tunnel-protocol IPSec
group-policy Otro internal
group-policy Otro attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Otro_splitTunnelAcl
username aprat password rTAoeMnYJbZwfHu3 encrypted
username aprat attributes
 vpn-group-policy Agesco
username acalvo password uizH6AKS0Iamm5.e encrypted
username acalvo attributes
 vpn-group-policy GroupPolicy1
username minderbk password L6.dQvrKQ8OjeCud encrypted
username minderbk attributes
 vpn-group-policy DfltGrpPolicy
username javierzb password LdzKyksIR8gynOzb encrypted
username javierzb attributes
 vpn-group-policy DfltGrpPolicy
username alfredoic password 5Nel7kuoiggvqc7j encrypted
username alfredoic attributes
 vpn-group-policy Agesco
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy GroupPolicy1
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 nbns-server 192.168.10.200 master timeout 2 retry 2
tunnel-group Agesco type ipsec-ra
tunnel-group Agesco general-attributes
 address-pool Agesco
tunnel-group Agesco ipsec-attributes
 pre-shared-key *
tunnel-group 212.145.203.14 type ipsec-l2l
tunnel-group 212.145.203.14 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:8f745a749eb16582f394ce1a4539962b
: end

REMOTE OFFICE

hostname asaAgescoMad
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.20.99 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.0.0.10 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list inbound extended permit icmp any any
access-list inbound extended permit tcp any interface outside eq www
access-list inbound extended permit tcp any interface outside eq ssh
access-list inbound extended permit tcp any interface outside eq 5430
access-list inbound extended permit tcp any interface outside eq 5431
access-list inbound extended permit tcp any interface outside eq 5432
access-list inbound extended permit tcp any interface outside eq 30865
access-list In_Agesco_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.20.198 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list Agesco_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list Agesco_in_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list Test_splitTunnelAcl standard permit any
access-list Agesco_splitTunnelAcl_1 standard permit any
access-list Otro_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Agesco 192.168.20.50-192.168.20.60 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.20.198 www netmask 255.255.255.255
static (inside,outside) tcp interface ssh 192.168.20.198 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 5430 192.168.20.198 5430 netmask 255.255.255.255
static (inside,outside) tcp interface 5431 192.168.20.198 5431 netmask 255.255.255.255
static (inside,outside) tcp interface 5432 192.168.20.198 5432 netmask 255.255.255.255
static (inside,outside) tcp interface 30865 192.168.20.198 30865 netmask 255.255.255.255
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.20.0 255.255.255.255 inside
http 192.168.20.0 255.255.255.0 inside
http 192.168.20.198 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs group1
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs group1
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 85.48.226.150
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.20.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

group-policy Agesco internal
group-policy Agesco attributes
 dns-server value 192.168.20.198
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Agesco_splitTunnelAcl_1
group-policy Agesco_vpn internal
group-policy Agesco_vpn attributes
 dns-server value 192.168.20.198
 vpn-tunnel-protocol IPSec
group-policy Otro internal
group-policy Otro attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Otro_splitTunnelAcl
username aprat password rTAoeMnYJbZwfHu3 encrypted
username aprat attributes
 vpn-group-policy Agesco
username acalvo password uizH6AKS0Iamm5.e encrypted
username acalvo attributes
 vpn-group-policy DfltGrpPolicy
username gcabezas password 17eggG7OV1hDloE6 encrypted
username gcabezas attributes
 vpn-group-policy Agesco
tunnel-group Agesco type ipsec-ra
tunnel-group Agesco general-attributes
 address-pool Agesco
tunnel-group Agesco ipsec-attributes
 pre-shared-key *
tunnel-group 85.48.226.150 type ipsec-l2l
tunnel-group 85.48.226.150 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:680608b9981a7e0fbf2389d28a42e8be
: end


Thanks for your help.
Albert.-

Answer : Problem: Asa site to site domain problem

The remote computer has the proper DNS and WINS (if applicable) settings, right?  You can ping the server, right?
Random Solutions  
 
programming4us programming4us