?
Solved

VPN Please help cannot access shares

Posted on 2006-11-30
8
Medium Priority
?
171 Views
Last Modified: 2010-04-08
Hi Experts

Any help appreciated.

I have 2 win2k3 servers at different locations

I connect server A to server B over internet VPN

Port forward 1723 on linksys router on server B

connects - authenticates - logs in no problem at all

Server B is a DHCP server to incoming connections.

I can use VNC to connect to server B using a lan IP 192.168.1.100

BUT I cannot access any of the network shares on server B

I tried DMZ very quickly and with no luck then turned it off again.

I can VNC backward and forward between both server a and b so I am guessing that the TCP Protocol is getting through ok.

I can ping no problem at all

any ideas??

Thanks very much.
Nik
0
Comment
Question by:nikdonovanau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18047764
If you try to access the machines via the IP like \\192.168.0.11 do you see their shares?   Because it could be a name resolution issue.
0
 
LVL 1

Author Comment

by:nikdonovanau
ID: 18049220
Thanks for that - I cant access any network shares using names or ip addresses. I get the error 'no network provider accepted the given path'
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18049484
It sounds like NetBIOS (SMB) might not be blocked.  How are you making the VPN connection?
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 1

Author Comment

by:nikdonovanau
ID: 18089658
Thanks jjoseph_x
Sorry for the delay. My firewall setup is:
 Linksys ADSL 2 Router with http & mail ports open and forward to server -> D-Link VPN Router (in Linksys DMZ) forward vpn to server -> server with no software firewall.
The strange thing is I can ping 'server' and it resolves to 192.168.1.100 and I get 0% packet loss.
I can even VNC direct by typing 'server' in the connection box.
trying to connect via cmd I get error 67
I cannot telnet to 'server' over VPN but locally I can
Thanks again for you help thus far.
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 18090920
Hmmm.  So VNC works fine, but telnet does not?  It really sounds like ports are being blocked (there's no other for VNC - port 5900 - to work and not telnet).

Are you sure that there are no firewalls on that box?  Not even the Microsoft built-in firewall?
0
 
LVL 1

Author Comment

by:nikdonovanau
ID: 18091009
Thanks for the reply,

I have done a port scan over the VPN connection and the following ports are open

25,42,53,80,88,110,119,135,143,389,445,464,563,593,636,691,993,995,1024,1034,1723,3068,3268,3269,3306,3389,5800,5900,6001,6002,6004

Am I missing something obvious?

Thanks again
Nik
0
 
LVL 9

Accepted Solution

by:
jjoseph_x earned 2000 total points
ID: 18098184
You can telnet to the machine locally, but you can't access port 23 over the VPN?

As for drive mapping, port 445 TCP is used for SMB in windows 2000+ (otherwise it will use 135 tcp, and 138 and 139 UDP).

Just of the heck of it, try disabling NetBIOS over TCP for the connection (go to the properties of TCP/IP for the connection, go to the WINS tab and select the "disable NetBIOS over TCP" radio button.

0
 
LVL 1

Author Comment

by:nikdonovanau
ID: 18163069
Thanks for all your help experts. I was in an environment where I could not restart the server. However what I did to solve the problem is to wait until the slowest possible time, kick everyone off and reboot the server. Something so simple can be so hard sometimes.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question