One Windows Domain - Site 2 Site VPN with router 2 RAS server - Network browsing works only one way .....

Hi guys,

We got a challenge we can't figure out .....

We have one Domain across 2 locations
At the main site we have a Win2003 RAS server which connects to the Draytek router at the remote site. (this works fine)

RAS network is 192.168.101.0
RAS server 192.168.101.1
PDC / DNS / WINS server 192.168.101.10

remote network is 192.168.108.0
router 192.168.108.1
PDC / DNS / WINS server 192.168.108.10

The NICs use their own DNS and WINS, and NetBIOS is enabled

I got WINS running on both the machines and they replicate with each other
The DNS is set up with the reverse lookups on both the DCs

Now I can map any share from the 192.168.108.10 when I am on the 192.168.101.0 network
Even the network neighborhood works like a charm, but the other way around doesn't map anything.

I can trace / ping from the 192.168.108.10 everything on the 192.168.101.0 network, but mapping and browsing don't work
(it says "the path wasn't accepted by any host")

What's the trick ......... ?

Martijn
Adisa ICT Diensten
The Netherlands
   
mwiegersAsked:

SKULLS_HawkCommented:
What about port setup on the Draytek?

Sounds like a DNS issue.  Possibly the Draytek does not have the correct ports open for incoming on the 101 network side?
0
SKULLS_HawkCommented:
Sorry meant to ask, can you ping DNS names?
0
mwiegersAuthor Commented:
I can ping everything on the other side .....
so i think the dns ports of the draytek are okay
0
SKULLS_HawkCommented:
So you can ping their machine names etc?  Are you using the DNS function of the Draytek? Is it a 2600?
0
mwiegersAuthor Commented:
No, in this case it's a Draytek 2200+ because there is a cable modem at the location (I know the 2600 has some troubles there too)

Yes, I'm using that function
The clients get the 192.168.108.10 as DNS server but the server uses the 192.168.108.1 (the Draytek) as DNS relay for domains not found on this server ... but the domain zone is there.

you got me thinking ....... :)
0
SKULLS_HawkCommented:
Hopefully it leads to the fix. ;)  Let me know how you get on.
0
mwiegersAuthor Commented:
Yes sorry,

I can ping / trace all clients and printers from the other location
I can't map a share or see the complete network in the network neighborhood (from the other side all works fine)
0
SKULLS_HawkCommented:
Verify your ports between sites.  

http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/ref_net_ports_ms_prod.mspx

Specifically Computer Browser on ports 137 to 138. DNS is on 53, but if you can ping machine names both ways that probably won't be it.

There must be something slightly different for incoming and outgoing on either end, since one half works.

Very strange.
0

mwiegersAuthor Commented:
Mhhh

I looked at the RAS server, which also has a connection with a different domain. DNS and WINS are configured the same way ....
And it works fine ......
This is a connection between a Draytek 2600 and the same RAS server

domain= adisa.local
RAS network is 192.168.101.0
RAS server 192.168.101.1
PDC / DNS / WINS server 192.168.101.10

domain= leeuw.local
remote network is 192.168.213.0
router 192.168.213.1
PDC / DNS / WINS server 192.168.213.10

We have more networks connected to our RAS in this way and it works

the only difference is that in this case the domain is the same (the 192.168.101.0 and 192.168.108.0 are the adisa.local)
0
adamdrayerCommented:
Are you using any encapsulation?  PPTP, L2TP?  A lot of ISPs will block the incoming requests for ports that deal with Microsoft Sharing, i.e. 137-139, 445.  If the remote site is using a residential connection, then this is most likely the problem.  If they are using Business Cable, I've still seen this be the cause.
0
mwiegersAuthor Commented:
I have a PPTP connection and it's up and running

Before I installed the Draytek there was a RAS 2 RAS connection with a different domain name but it worked .....
0
SKULLS_HawkCommented:
Definitely sounds like a port issue of some kind.
0
mwiegersAuthor Commented:
Can I sniff packets to see where it goes wrong? And which sniffer can I use?
I'm looking at the syslog from the router but don't see anything going wrong ....
0
adamdrayerCommented:
http://www.ethereal.com is a good program, and it may help in this case
0
mwiegersAuthor Commented:
I'll be Back, may take a day but ........ i'll fix it !
0
mwiegersAuthor Commented:
Does anyone know what this piece of log means .......

The setup is  ..............
A Draytek 2200+ with a thompson cable modem; the provider gives access to a MAC address ... so I can't use a Draytek 2600
Could this crap come from the thompson?

DHCP <==  Offer XID = 0x2de8bf20, Client IP = 0.0.0.0, Your IP = 24.132.63.208, Next server IP = 0.0.0.0, Relay agent IP = 62.194.142.1, Option: 53, 54, 51, 01,
0
mwiegersAuthor Commented:
SKULLS_Hawk

Thanx ...

It is ports 135, 139 and 445 that don't travel across the PPTP connection .... Now let's hope they can be opened ...
0
SKULLS_HawkCommented:
No problem,  Good luck.
0
mwiegersAuthor Commented:
OKAY,

If someone wants to know ................

It's not a filter or the firewall but an "antiworm option". It's only in the Draytek 2200E+ and only enabled by default with firmware 2.6.2


Open Telnet and give this command

mngt defenseworm off

Reboot and all works ......
0
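An added example, not part of the original thread: a small Python check, run from the side where mapping fails, that tells a silently dropped port ("filtered", as with the router option above) apart from one that is actively refused. The function names and the `ping_ok` input (whether ping to the target already works, as it did in the thread) are assumptions of this example.

```python
import socket
import sys

# TCP ports the thread found blocked across the PPTP tunnel.
SHARE_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB over TCP"}

def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no usable answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # something answered with a reset
    except OSError:
        return "filtered"    # timeout or unreachable: dropped on the path
    finally:
        s.close()

def probe_all(host, timeout=2.0):
    """Probe every file-sharing port; returns {port: state}."""
    return {port: probe(host, port, timeout) for port in SHARE_PORTS}

def diagnose(results, ping_ok):
    """Turn probe results plus the ping outcome into a troubleshooting hint."""
    states = set(results.values())
    if states == {"open"}:
        return "ports reachable: look at name resolution or permissions"
    if states == {"filtered"} and ping_ok:
        return "ping works but ports are dropped: filter on router, ISP or tunnel"
    if states == {"filtered"}:
        return "nothing answers: check routing and the tunnel itself"
    if "closed" in states:
        return "refused: service not listening, or a host firewall rejects it"
    return "mixed result: some ports pass, compare per-port rules"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <file-server-ip>")
    found = probe_all(sys.argv[1])
    for port, state in sorted(found.items()):
        print(f"{port:>4} {SHARE_PORTS[port]:<20} {state}")
    # ping_ok=True mirrors the thread, where ping and trace already worked.
    print(diagnose(found, ping_ok=True))
```

Running it in both directions shows the asymmetry described in the question: the working side reports `open`, the failing side `filtered`.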

Question has a verified solution.
