SSL VPN
Reply
Tuc
New User
Tuc
Posts: 2
Registered: ‎03-16-2009
0

WSAM to file share

Hi,

 

We just want to be able to share drives via WSAM over our SSLVPN (SA-4500). Its been a difficult road working with Juniper support, so I'm coming to community.

 

I started in Respource Profiles>Clinet Application Resource Profiles . I created "I File Share", WSAM/NetBIOS file browsing,  i.example.com:139,445 / 192.168.1.12:139,445 / a.example.com:135-140/ z.example.com:135-140 (i is the file share server at 192.168.1.12, a and z are domain controllers for authentication). I Autopolicy and added to all roles.  I added the same information to "WSAM Destination Resource Profile" too.

 

So the first issue is I can't resolve i.example.com when I do //i.example.com in explorer. Is there some sort of way to do this? Second, if I use the IP, it just doesn't work.

 

Where do I go from here?

 

Thanks, Tuc

 

 

 

 

 

pkc
Contributor
pkc
Posts: 111
Registered: ‎09-24-2008
0

Re: WSAM to file share

to be able to use either IP or name, you need to check the option

"ip based matching for hostname based policy resources" in the options of resource policies - files 

 

then you also need to be able to resolve the names you'd like to use in the shares.

 

quick question : why do you need to use WSAM and not network connect for instance or the core file share ? 

Tuc
New User
Tuc
Posts: 2
Registered: ‎03-16-2009
0

Re: WSAM to file share

Hi,

 

Yes, we have that option checked.

 

What is the reccomended way to do that using WSAM? I would think about the only way is to put it into the hosts file.

 

Otherwise, we were originally sold on the fact of not having to create NCs for everyone that needed to do this, only WSAM. There are 2 minute "HOWTOs" on doing it via WSAM. Every engineer that calls says its really simple and 2 1/2 hours late goes off with logs/etc and says that they'll get back to me and never do. We really want to use WSAM for this.

 

Does anyone have it running?

 

Tuc

Contributor
jeje-none
Posts: 21
Registered: ‎07-31-2009
0

Re: WSAM to file share

Yes we do:

 

first, be able to resolve netbios name by creating an SAM application "netbios". Name requests will be forwarded to the IVE. The IVE has to be able to resolve itself

 

Then add a WSAM destination to your file server using something like: 10.x.x.x/32:137-139,445

 

Apply these 2 profiles to the roles you need, and that does the trick.

 

Regards,

 

Jerome. 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.