
We have an ASA 5505 doing IPSec VPN for remote users. Client access is working almost as expected: clients can reach hosts on the internal LAN, even using DNS, and we are tunneling all client traffic through the ASA so the user appears to be coming from the office to the outside world.

What's not working is discovery of internal LAN services such as shared folders and OS X screen sharing (we suppose, via Bonjour/multicast DNS). These services are working when a user is at the office but it looks like the advertisements/discoveries don't traverse the VPN.

Specifically this question is addressing the needs of an OS X user though we notice the same thing for Windows clients - e.g. Workgroup member discovery does not appear to be working.

We've enabled multicast routing in the ASA but it appears to not have an effect.

What's required in order to make service discovery work as if the VPN user was plugged into the LAN directly? Is this even possible with an ASA 5505 in IPSec mode?

Ryan

1 Answer

You are essentially asking this question: VPNs and NetBIOS

You are trying to get layer 2 (switch / bridging) functionality through a layer 3 device (router / IPSec VPN endpoint). It isn't going to go without a lot of work / effort... enough effort to make it cheaper to address the issue in another way, e.g. DNS.

In theory there are layer 2 VPN technologies. I don't know anything about them though.

Slartibartfast
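The layer 2 versus layer 3 distinction in the answer above can be checked per destination address. This is an added example, not part of the original answer: it classifies the well-known destination addresses of mDNS (Bonjour) and a NetBIOS name broadcast, and the LAN prefix 192.168.1.0/24 and server address 192.168.1.10 are constructed assumptions.

```python
import ipaddress

# RFC 5771 "Local Network Control Block": never forwarded by routers.
LINK_LOCAL_V4_MCAST = ipaddress.ip_network("224.0.0.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def crosses_router(dest, lan):
    """Return (forwardable, reason) for a packet sent to dest from a host on lan."""
    addr = ipaddress.ip_address(dest)
    net = ipaddress.ip_network(lan)
    if addr.version == 4:
        if addr == LIMITED_BROADCAST:
            return False, "limited broadcast"
        if net.version == 4 and addr == net.broadcast_address:
            return False, "subnet broadcast"
        if addr in LINK_LOCAL_V4_MCAST:
            return False, "link-local multicast"
    elif addr.is_multicast and (addr.packed[1] & 0x0F) <= 2:
        # IPv6 multicast scope nibble: 1 = interface-local, 2 = link-local.
        return False, "link-local multicast"
    if addr.is_multicast:
        return True, "routable multicast"
    return True, "unicast"


# Constructed sample values: the LAN prefix and DNS server address are assumptions.
LAN = "192.168.1.0/24"
DISCOVERY = [
    ("Bonjour / mDNS over IPv4", "224.0.0.251"),
    ("Bonjour / mDNS over IPv6", "ff02::fb"),
    ("NetBIOS name broadcast", "192.168.1.255"),
    ("Unicast DNS query to a LAN server", "192.168.1.10"),
]


def report(lan=LAN):
    """Classify each discovery mechanism's destination address."""
    return [(name, dest) + crosses_router(dest, lan) for name, dest in DISCOVERY]


if __name__ == "__main__":
    for name, dest, ok, reason in report():
        print(f"{name:36} {dest:15} {'routed' if ok else 'stays on segment'} ({reason})")
```

Only the unicast DNS row is reported as routed, which is why the answer points to DNS as the cheaper way to publish services to VPN clients.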