Solved

VPN Please help cannot access shares

Posted on 2006-11-30
8
167 Views
Last Modified: 2010-04-08
Hi Experts

Any help appreciated.

I have 2 win2k3 servers at different locations

I connect server A to server B over internet VPN

Port forward 1723 on linksys router on server B

connects - authenticates - logs in no problem at all

Server B is a DHCP server to incoming connections.

I can use VNC to connect to server B using a lan IP 192.168.1.100

BUT I cannot access any of the network shares on server B

I tried DMZ very quickly and with no luck then turned it off again.

I can VNC backward and forward between both server a and b so I am guessing that the TCP Protocol is getting through ok.

I can ping no problem at all

any ideas??

Thanks very much.
Nik
0
Comment
Question by:nikdonovanau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18047764
If you try to access the machines via the IP like \\192.168.0.11 do you see their shares?   Because it could be a name resolution issue.
0
 
LVL 1

Author Comment

by:nikdonovanau
ID: 18049220
Thanks for that - I cant access any network shares using names or ip addresses. I get the error 'no network provider accepted the given path'
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18049484
It sounds like NetBIOS (SMB) might not be blocked.  How are you making the VPN connection?
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 1

Author Comment

by:nikdonovanau
ID: 18089658
Thanks jjoseph_x
Sorry for the delay. My firewall setup is:
 Linksys ADSL 2 Router with http & mail ports open and forward to server -> D-Link VPN Router (in Linksys DMZ) forward vpn to server -> server with no software firewall.
The strange thing is I can ping 'server' and it resolves to 192.168.1.100 and I get 0% packet loss.
I can even VNC direct by typing 'server' in the connection box.
trying to connect via cmd I get error 67
I cannot telnet to 'server' over VPN but locally I can
Thanks again for you help thus far.
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18090920
Hmmm.  So VNC works fine, but telnet does not?  It really sounds like ports are being blocked (there's no other for VNC - port 5900 - to work and not telnet).

Are you sure that there are no firewalls on that box?  Not even the Microsoft built-in firewall?
0
 
LVL 1

Author Comment

by:nikdonovanau
ID: 18091009
Thanks for the reply,

I have done a port scan over the VPN connection and the following ports are open

25,42,53,80,88,110,119,135,143,389,445,464,563,593,636,691,993,995,1024,1034,1723,3068,3268,3269,3306,3389,5800,5900,6001,6002,6004

Am I missing something obvious?

Thanks again
Nik
0
 
LVL 9

Accepted Solution

by:
jjoseph_x earned 500 total points
ID: 18098184
You can telnet to the machine locally, but you can't access port 23 over the VPN?

As for drive mapping, port 445 TCP is used for SMB in windows 2000+ (otherwise it will use 135 tcp, and 138 and 139 UDP).

Just of the heck of it, try disabling NetBIOS over TCP for the connection (go to the properties of TCP/IP for the connection, go to the WINS tab and select the "disable NetBIOS over TCP" radio button.

0
 
LVL 1

Author Comment

by:nikdonovanau
ID: 18163069
Thanks for all your help experts. I was in an environment where I could not restart the server. However what I did to solve the problem is to wait until the slowest possible time, kick everyone off and reboot the server. Something so simple can be so hard sometimes.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question