• Status: Solved

Gateway to Gateway VPN One-Way Shared Folder Access

I have a gateway to gateway VPN setup using two Linksys RV042 routers. NetBIOS broadcast is not enabled. We used a WINS server for name resolution on the network (it's on network one).

First Network:
192.168.3.XXX
255.255.255.0

Second Network:
192.168.5.XXX
255.255.255.0

Both networks can ping each other fine.
Second network can access shared folders on first network, but first network cannot access shared folders on Second network. What's going on?
Asked by: tvacc

Michael Pfister commented:
Can you post

ipconfig /all

from a client on each end?

What's the WINS server's IP?
Do you have DNS on both ends? If yes, what's the IP?

Rob Williams commented:
Can you access the shared folders using the IP such as:
\\192.168.5.123\ShareName
If not, is file and print sharing enabled on the \\192.168.5.x share?
Is the Windows or any other software firewall enabled on the \\192.168.5.x share? If so, and even if there is an exception, it may be limited to allowing the local network only. See the following site regarding configuring the firewall exception for computers outside the LAN. The example is for port 3389; for file shares you will need TCP 139 & 445, UDP 137 & 138:
http://www.lan-2-wan.com/RD-FW.htm

tvacc (Author) commented:
Here's the requested information:

The WINS server is on network one. It has an IP of 192.168.3.160. It's also the domain controller. This is the setting for every computer.

All clients on both ends have DNS first point to 192.168.3.160 and then to our ISP's primary DNS.

I can't run an ipconfig /all right now. I'm not on site at either place and I'm working remotely on something at the moment. I'm fairly certain the IP settings are correct though.

tvacc (Author) commented:
Oh, and no I cannot access it based on \\IP address\ShareName.

I can ping from network 2 to network 1 (and 1 to 2) using ip addresses and computer names.

Rob Williams commented:
Generally in a domain environment the ISP's DNS should never be added, even as a secondary. They should only be added as a forwarder in your DNS management console. Windows will not always use the server's DNS first, especially over a slow connection, and it results in name resolution issues.

Just saw your second post. Above still applies but it's not a DNS or WINS issue if you cannot access shares by IP. Sounds more like a software firewall issue, or permissions.

tvacc (Author) commented:
I think I've started to narrow it down. I also think it's a software firewall issue somewhere. SBS2003, by default, makes clients have the Windows Firewall on without the ability to change that. I think that's my problem. Now I can't get group policy to allow the clients to turn off the firewall (or even just turn it off through group policy). I have searched on here and have set Windows Firewall disabled for all network connections, but when I log on to the client the firewall is still enabled and I cannot disable it.

Rob Williams commented:
Users can create exceptions in the firewall configuration if you like, but they cannot switch it off.
As mentioned, the firewall creates an exception for file and print sharing when it is enabled, but only for the local LAN. If you want to go the exception route you can do so by going to Control Panel | Windows Firewall | Exceptions | highlight File and Print Sharing and choose Edit | highlight each protocol/port (all 4, one at a time) and choose Change Scope | add your remote VPN subnet or "allow all computers" | save

If you want to disable the firewall, open the group policy management console on the SBS to group policy objects, and disable (not delete) the 2 policies, by right-clicking on the policy and choosing GPO status and un-checking enabled:
  Small Business Server Internet Connection Firewall
  Small Business Server Windows Firewall

It can take up to 90 minutes for the policy to be applied to the workstation. You can force this almost immediately by running at a command line, on the workstation:
gpupdate /force

0
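
Added example (not part of Rob Williams's post): the scoped-exception route described above, done from the command line instead of the Control Panel dialog, so the file sharing ports open only to the local subnet and the remote VPN subnet. It assumes Windows XP SP2 or Server 2003 machines with the netsh firewall context, and uses the asker's first network (192.168.3.0, mask 255.255.255.0) as the remote subnet.

```bat
@echo off
rem Added example, not from the thread. Run from an administrator command
rem prompt on a PC in the 192.168.5.x network that hosts the shared folder.
rem REMOTE_NET is an assumption taken from the question: the first network
rem on the far side of the gateway-to-gateway VPN.
setlocal
set REMOTE_NET=192.168.3.0/255.255.255.0

rem Show the firewall state and which profile (Domain or Standard) is active.
netsh firewall show state

rem Enable the built-in File and Printer Sharing exception (TCP 139 and 445,
rem UDP 137 and 138) with a custom scope: the local subnet plus the remote
rem VPN subnet only, rather than "allow all computers".
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%REMOTE_NET%,LocalSubnet profile=ALL

rem List the service exceptions with their scope to confirm the change.
netsh firewall show service verbose=ENABLE
endlocal
```

Settings delivered by group policy take precedence over local netsh changes, so on SBS-managed clients the same scope may have to be set in the policy instead.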
 
tvacc (Author) commented:
That fixed it. I didn't delete (rather, no longer enforced linked) the GPOs as I don't like to delete things. Now I can connect fine. Thanks.

Rob Williams commented:
Great. Glad to hear.
Thanks tvacc.
Cheers !
--Rob