Solved

One Windows Domain - Site 2 Site VPN with router 2 RAS server - Network browsing works only one way .....

Posted on 2004-11-09
Last Modified: 2010-05-18
Hi guys,

We got a challenge we can't figure out ...

We have one domain across 2 locations.
At the main site we have a Win2003 RAS server which connects to the Draytek router at the remote site (this works fine).

RAS network is 192.168.101.0
RAS server 192.168.101.1
PDC / DNS / WINS server 192.168.101.10

remote network is 192.168.108.0
router 192.168.108.1
PDC / DNS / WINS server 192.168.108.10

The NICs use their own DNS and WINS, and NetBIOS is enabled.

I have WINS running on both machines and they replicate with each other.
The DNS is set up with the reverse lookups on both DCs.

Now I can map any share from 192.168.108.10 when I am on the 192.168.101.0 network.
Even the network neighborhood works like a charm, but the other way around doesn't map anything.

I can trace / ping from 192.168.108.10 to everything on the 192.168.101.0 network, but mapping and browsing don't work
(it says "the path wasn't accepted by any host").

What's the trick ... ?

Martijn
Adisa ICT Diensten
The Netherlands
   
Question by: mwiegers

19 Comments
 
Expert Comment by: SKULLS_Hawk (LVL 5), ID: 12532663

What about port setup on the Draytek?

Sounds like a DNS issue. Possibly the Draytek does not have the correct ports open for incoming on the 101 network side?
 
Expert Comment by: SKULLS_Hawk (LVL 5), ID: 12532680

Sorry, meant to ask: can you ping DNS names?
 

Author Comment by: mwiegers, ID: 12532712

I can ping everything on the other side ...
so I think the DNS ports of the Draytek are okay.
 
Expert Comment by: SKULLS_Hawk (LVL 5), ID: 12532888

So you can ping their machine names etc? Are you using the DNS function of the Draytek? Is it a 2600?
 

Author Comment by: mwiegers, ID: 12533368

No, in this case it's a Draytek 2200+ because there is a cable modem at the location (I know the 2600s have some troubles there too).

Yes, I'm using that function.
The clients get 192.168.108.10 as DNS server, but the server uses 192.168.108.1 (the Draytek) as DNS relay for domains not found on this server ... but the domain zone is there.

You got me thinking ... :)
 
Expert Comment by: SKULLS_Hawk (LVL 5), ID: 12533413

Hopefully it leads to the fix. ;) Let me know how you get on.
 

Author Comment by: mwiegers, ID: 12533422

Yes, sorry,

I can ping / trace all clients and printers from the other location.
I can't map a share or see the complete network in the network neighborhood (from the other side all works fine).
 
Accepted Solution by: SKULLS_Hawk (LVL 5), earned 750 total points, ID: 12533523

Verify your ports between sites.

http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/ref_net_ports_ms_prod.mspx

Specifically Computer Browser on ports 137 to 138. DNS is on 53, but if you can ping machine names both ways that probably won't be it.

There must be something slightly different for incoming and outgoing on either end, since one half works.

Very strange.
 

Author Comment by: mwiegers, ID: 12533572

Mhhh

I looked at the RAS server, which also has a connection with a different domain. DNS / WINS is configured the same way ...
And it works fine ...
This is a connection between a Draytek 2600 and the same RAS server.

domain = adisa.local
RAS network is 192.168.101.0
RAS server 192.168.101.1
PDC / DNS / WINS server 192.168.101.10

domain = leeuw.local
remote network is 192.168.213.0
router 192.168.213.1
PDC / DNS / WINS server 192.168.213.10

We have more networks connected to our RAS in this way and it works.

The only difference is that in this case the domain is the same (192.168.101.0 and 192.168.108.0 are both adisa.local).
 
Expert Comment by: adamdrayer (LVL 15), ID: 12533859

Are you using any encapsulation? PPTP, L2TP? A lot of ISPs will block the incoming requests for ports that deal with Microsoft sharing, i.e. 137-139, 445. If the remote site is using a residential connection, then this is most likely the problem. If they are using business cable, I've still seen this be the cause.
 

Author Comment by: mwiegers, ID: 12534001

I have a PPTP connection and it's up and running.

Before I installed the Draytek there was a RAS-to-RAS connection with a different domain name, but it worked ...
 
Expert Comment by: SKULLS_Hawk (LVL 5), ID: 12534031

Definitely sounds like a port issue of some kind.
 

Author Comment by: mwiegers, ID: 12542772

Can I sniff packets to see where it goes wrong? And which sniffer can I use?
I'm looking at the syslog from the router but don't see anything going wrong ...
 
Expert Comment by: adamdrayer (LVL 15), ID: 12544184

http://www.ethereal.com is a good program, and it may help in this case.
 

Author Comment by: mwiegers, ID: 12545258

I'll be back, may take a day but ... I'll fix it!
 

Author Comment by: mwiegers, ID: 12552832

Does anyone know what this piece of log means ...

The setup is ...
A Draytek 2200+ with a Thomson cable modem; the provider gives access to one MAC address ... so I can't use a Draytek 2600.
Could this crap come from the Thomson?

DHCP <==  Offer XID = 0x2de8bf20, Client IP = 0.0.0.0, Your IP = 24.132.63.208, Next server IP = 0.0.0.0, Relay agent IP = 62.194.142.1, Option: 53, 54, 51, 01,
 

Author Comment by: mwiegers, ID: 12552866

SKULLS_Hawk

Thanks ...

It is ports 135, 139 and 445 that don't travel across the PPTP connection ... Now let's hope they can be opened ...
 
Expert Comment by: SKULLS_Hawk (LVL 5), ID: 12552874

No problem, good luck.
 

Author Comment by: mwiegers, ID: 12553641

OKAY,

If someone wants to know ...

It's not a filter or the firewall but an "anti-worm option"; it's only in the Draytek 2200E+ and only enabled by default with firmware 2.6.2.

Open Telnet and give this command:

mngt defenseworm off

Reboot and all works ...
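A reachability check for the sharing ports this thread turned on, added here as an example (not code posted by anyone in the thread). It probes TCP 135, 139 and 445 on the remote DC and compares them with a port the asker says already works across the tunnel (DNS, assumed to answer on TCP 53), so the "ping works but mapping fails" symptom can be told apart from a dead tunnel. The target address, the control port and the injectable connector are assumptions made for this example.

```python
import socket
from typing import Callable, Dict, Iterable

Connector = Callable[[str, int], bool]

# TCP ports the thread identifies as needed for share mapping and browsing.
# 137/138 (NetBIOS name/datagram) are UDP and cannot be probed with a TCP connect.
SHARING_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB over TCP"}
# Assumed control port: the asker reports DNS on the remote DC already works across the tunnel.
CONTROL_PORT = 53


def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(host: str, ports: Iterable[int], connect: Connector = tcp_connect) -> Dict[int, bool]:
    """Map each port to whether it is reachable on host (connector is injectable for offline tests)."""
    return {port: connect(host, port) for port in ports}


def diagnose(results: Dict[int, bool]) -> str:
    """Classify the symptom from the thread:
       'ok'                all sharing ports reachable
       'selective-filter'  host answers on the control port but not on every
                           sharing port: something in the path drops them
       'host-unreachable'  nothing answers: tunnel or host down, not a port filter
    """
    if all(results.get(p, False) for p in SHARING_PORTS):
        return "ok"
    return "selective-filter" if results.get(CONTROL_PORT, False) else "host-unreachable"


def report(host: str, connect: Connector = tcp_connect) -> str:
    """One line per sharing port plus the verdict."""
    results = probe(host, [CONTROL_PORT, *SHARING_PORTS], connect)
    lines = [f"{host}:{port} ({name}): {'reachable' if results[port] else 'BLOCKED'}"
             for port, name in SHARING_PORTS.items()]
    lines.append(f"verdict: {diagnose(results)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed target: the remote-site DC address given in the question.
    print(report("192.168.108.10"))
```

Run it from a host on the 192.168.101.0 side against 192.168.108.10 and again in the reverse direction to see which direction drops the ports; UDP 137/138 need a separate check.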
