Cannot see other domains attached by a VPN tunnel in My Network Places

Last Modified: 2010-03-19
Dear experts,

I have the following situation: I have 2 VPN tunnels interconnecting 3 sites. The primary (center) site has a Netgear FVS318v3 8-port Prosafe VPN Firewall (recently changed) and the other two locations both have Linksys BEFSX41 Firewall routers. Initially the center location also had an identical Linksys box.

When I had Linksys boxes I was able to go to My Network Places->Entire Network->Microsoft Windows Network
This would show all the domain names that were interconnected by the VPN tunnels. I could also access computers in those domains from there.

I have not changed any OS settings, just put in the Netgear firewall. So, it has got to be a setting there.

My questions are:
1. What exactly could cause the above situation?
2. How do I fix it?

Thank you in advance,


Did you have to recreate the DHCP scopes when you replaced your box?
If that's the case then maybe you forgot to add WINS entry when re-creating the scope

Author

Commented:
Hi

The DHCP is running off Win2k3 servers in all three locations. DHCP on the routers is off. I didn't have to recreate anything.

I also copied most of the settings from the old Linksys box. For instance, I didn't have to reconfigure the VPNs, with all the same settings I was working just fine.

The only problem so far is the one I mentioned above.

Thanks,



CERTIFIED EXPERT
Top Expert 2013

Commented:
In the VPN policy configuration of the Netgear, near the bottom, there is an option "NetBIOS enable". Have you enabled that on all routers?
Browsing often doesn't work well over VPNs as NetBIOS names are not routable. If using a WINS server, that will most often allow for proper browsing. If so, as HeavyWaterLTD suggested, make sure your DHCP server is assigning the WINS server's IP to all clients.

Author

Commented:
Hi

I had it enabled on all the routers by default.

Apparently your previous Linksys setup played nicely with NetBIOS, but with the introduction of the Netgear box this no longer works. If you have enabled NetBIOS passthrough on all your boxes and VPN tunnels then it may be that it will never work as your previous setup.

As RobWill mentioned, NetBIOS is not a routable protocol. For NetBIOS name resolution through layer 3 environments a more elegant solution would be to deploy WINS servers for NetBIOS name resolution. Once you do this, you have to have all your hosts (servers, clients) point to the WINS server to register.

Author

Commented:
Hi

So what would I have to do? I have a DC in each location along with tens of PCs. Would I have to enable WINS on each DC and then enable NetBIOS over TCP/IP on each machine?

Thanks
CERTIFIED EXPERT
Top Expert 2013

Commented:
Are these DCs members of the same domain? If they are, and they are replicating AD, there should be no problem or anything to configure, so long as replication is working properly. I would verify you have DNS configured on the remote DCs by running netdiag and dcdiag on those DCs. The utilities are available on some of the Windows install CDs, as part of the Windows resource kit, or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/
There are different versions of these utilities, so if possible get them from your matching Windows CD.
NetBIOS and WINS solutions are usually more important if you do not have a local DC, though for browsing the network, WINS is a great asset.

Author

Commented:
No, in fact they are all different domains, each having its own DNS server. The problem is that without really being able to browse other domains, I cannot establish trusts. Thus the replication of DNS is impossible.
CERTIFIED EXPERT
Top Expert 2013
Commented:
Browsing relies on NetBIOS, which over a VPN pretty much requires WINS; however, AD, trusts, and replication rely on DNS. I would look at "resolving" that first. Not sure how DCdiag works between different domains, but it certainly will not hurt to run. It may point out some critical errors.
You could try making use of the LMHosts file to add the remote DC names. This might help the servers to locate one another more easily. It uses/assists with NetBIOS naming.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
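
The LMHosts suggestion above, as an added example that is not part of the original thread: a small generator for the LMHOSTS lines a server would need to locate the DCs of the two remote domains. It goes one step beyond plain host entries by also emitting the quoted domain `\0x1b` entry, whose name must be padded to exactly 15 characters. All DC names, domain names and addresses are constructed placeholders.

```python
# Added example: builds LMHOSTS lines for remote domain controllers.
# All names and addresses below are constructed placeholders.
import ipaddress

NETBIOS_MAX = 15  # a NetBIOS name is 15 characters plus a 1-byte type suffix


def check_name(name):
    """Return the upper-cased NetBIOS name, rejecting ones LMHOSTS cannot hold."""
    name = name.strip().upper()
    if not 1 <= len(name) <= NETBIOS_MAX:
        raise ValueError(f"NetBIOS name must be 1-15 characters: {name!r}")
    if any(c in name for c in '"\\/:*?<>| '):
        raise ValueError(f"illegal character in NetBIOS name: {name!r}")
    return name


def dc_entry(ip, dc_name, domain):
    """Host line for a DC: #PRE preloads it, #DOM ties it to its domain."""
    ip = str(ipaddress.IPv4Address(ip))  # raises on a malformed address
    return f"{ip}\t{check_name(dc_name)}\t#PRE #DOM:{check_name(domain)}"


def pdc_entry(ip, domain):
    """Domain <1B> line: name padded to 15 chars, then \\0x1b, all quoted."""
    ip = str(ipaddress.IPv4Address(ip))
    padded = check_name(domain).ljust(NETBIOS_MAX)
    return f'{ip}\t"{padded}\\0x1b"\t#PRE'


def build_lmhosts(sites):
    """sites: iterable of (ip, dc_name, domain) for each remote PDC emulator."""
    lines = []
    for ip, dc_name, domain in sites:
        lines.append(dc_entry(ip, dc_name, domain))
        lines.append(pdc_entry(ip, domain))
    return "\n".join(lines) + "\n"


# Constructed sample: the two remote sites as seen from the center site.
REMOTE_SITES = [
    ("192.168.2.10", "dc-east", "EASTDOM"),
    ("192.168.3.10", "dc-west", "WESTDOM"),
]

if __name__ == "__main__":
    print(build_lmhosts(REMOTE_SITES), end="")
```

The output goes into `%SystemRoot%\System32\drivers\etc\lmhosts` (no file extension), and `nbtstat -R` reloads the `#PRE` entries into the NetBIOS name cache without a reboot.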
