Gateway to Gateway VPN One-Way Shared Folder Access

I have a gateway to gateway VPN setup using two Linksys RV042 routers. Netbios boardcast is not enabled. We used a WINS server for name resolution on the network (it's on network one).

First Network:

Second Network:

Both networks can ping each other fine.
Second network can access shared folders on first network, but first network cannot access shared folders on Second network. What's going on?
Who is Participating?
Rob WilliamsConnect With a Mentor Commented:
Users can create exceptions in the firewall configuration if you like, but they cannot switch it off.
As mentioned the firewall creates an exception for file and print sharing when it is enabled, but only for the local LAN. If you want to go the exception route you can do so by going to control panel | windows firewall | Exceptions | highlight file and print sharing and chose edit | highlight each protocol/port ( all 4 one at a time) and chose change scope | add your remote VPN subnet or "allow all computers" | save

If you want to disable the firewall, open the group policy management console on the SBS to group policy objects, and disable (not delete) the 2 polices, by right clicking on the policy and choosing GPO status and un-check enabled:
  Small Business Server Internet Connection Firewall
  Small Business Server Windows Firewall

It can take up to 90 minutes for the policy to be applied to the workstation. You can force this almost immediately by running at a command line, on the workstation:
gpupdate /force

Michael PfisterCommented:
Can you post

ipconfig /all

from a client on each end?

Whats the WINS server's IP?
Do you have DNS on both ends? If yes, whats the IP?
Rob WilliamsCommented:
Can you access the shared folders using the IP such as:
If not, is file and print sharing enabled on the \\192.168.5.x share ?
Is the Windows or any other software firewall enabled on the \\192.168.5.x share ?  If so, and even if there is an exception it may be limited to allowing the local network only. See the following site regarding configuring the firewall exception for computers outside the LAN. The example is for port 3389, for file shares you will need TCP 139 & 445, UDP 137 & 138:
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

tvaccAuthor Commented:
Here's the requested information:

The WINS server is on network one. It has an IP of It's also the domain controller. This is the setting for every computer.

All clients on both ends have DNS first point to and then to our ISP's primary DNS.

I can't run a ipconfig /all right now. I'm not on site at either place and I'm working remotely on something at at the moment. I'm fairly certain the ip settings are correct though.
tvaccAuthor Commented:
Oh, and no I cannot access it based on \\IP address\ShareName.

I can ping from network 2 to network 1 (and 1 to 2) using ip addresses and computer names.
Rob WilliamsCommented:
Generally in a domain environment the ISP's DNS should never be added, even as a secondary. They should only be added as a forwarder in your DNS management console. Windows will not always use the server's DNS first, especially over slow connection, and it results in name resolution issues.

Just saw your second post. Above still applies but it's not a DNS or Wins issue if you cannot access shares by IP. Sounds more like a software firewall issue, or permissions.
tvaccAuthor Commented:
I think I've started to narrow it down. I also think it's a software firewall issue somewhere. SBS2003, by default, makes clients have the windows firewall on without the ability to change that. I think that's my problem. Now I can't get group policy to allow the clients to turn off the firewall (or even just turn it off through group policy). I have searched on here and have set windows firewall disabled for all network connections, but when I log on to the client the firewall is still enabled and I cannot disable it.
tvaccAuthor Commented:
That fixed it. I didn't delete (rather, no longer enforced linked) the GPOs as I don't like to delete things. Now I can connect fine. Thanks.
Rob WilliamsCommented:
Great Glad to hear.
Thanks tvacc.
Cheers !
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.