Solved

Gateway to Gateway VPN One-Way Shared Folder Access

Posted on 2007-11-14
9
782 Views
Last Modified: 2012-05-05
I have a gateway to gateway VPN setup using two Linksys RV042 routers. Netbios boardcast is not enabled. We used a WINS server for name resolution on the network (it's on network one).

First Network:
192.168.3.XXX
255.255.255.0

Second Network:
192.168.5.XXX
255.255.255.0

Both networks can ping each other fine.
Second network can access shared folders on first network, but first network cannot access shared folders on Second network. What's going on?
0
Comment
Question by:tvacc
  • 4
  • 4
9 Comments
 
LVL 28

Expert Comment

by:Michael Pfister
ID: 20278796
Can you post

ipconfig /all

from a client on each end?

Whats the WINS server's IP?
Do you have DNS on both ends? If yes, whats the IP?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20286325
Can you access the shared folders using the IP such as:
\\192.168.5.123\ShareName
If not, is file and print sharing enabled on the \\192.168.5.x share ?
Is the Windows or any other software firewall enabled on the \\192.168.5.x share ?  If so, and even if there is an exception it may be limited to allowing the local network only. See the following site regarding configuring the firewall exception for computers outside the LAN. The example is for port 3389, for file shares you will need TCP 139 & 445, UDP 137 & 138:
http://www.lan-2-wan.com/RD-FW.htm
0
 

Author Comment

by:tvacc
ID: 20300459
Here's the requested information:

The WINS server is on network one. It has an IP of 192.168.3.160. It's also the domain controller. This is the setting for every computer.

All clients on both ends have DNS first point to 192.168.3.160 and then to our ISP's primary DNS.

I can't run a ipconfig /all right now. I'm not on site at either place and I'm working remotely on something at at the moment. I'm fairly certain the ip settings are correct though.
0
 

Author Comment

by:tvacc
ID: 20300559
Oh, and no I cannot access it based on \\IP address\ShareName.

I can ping from network 2 to network 1 (and 1 to 2) using ip addresses and computer names.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 20300585
Generally in a domain environment the ISP's DNS should never be added, even as a secondary. They should only be added as a forwarder in your DNS management console. Windows will not always use the server's DNS first, especially over slow connection, and it results in name resolution issues.

Just saw your second post. Above still applies but it's not a DNS or Wins issue if you cannot access shares by IP. Sounds more like a software firewall issue, or permissions.
0
 

Author Comment

by:tvacc
ID: 20374276
I think I've started to narrow it down. I also think it's a software firewall issue somewhere. SBS2003, by default, makes clients have the windows firewall on without the ability to change that. I think that's my problem. Now I can't get group policy to allow the clients to turn off the firewall (or even just turn it off through group policy). I have searched on here and have set windows firewall disabled for all network connections, but when I log on to the client the firewall is still enabled and I cannot disable it.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 20378883
Users can create exceptions in the firewall configuration if you like, but they cannot switch it off.
As mentioned the firewall creates an exception for file and print sharing when it is enabled, but only for the local LAN. If you want to go the exception route you can do so by going to control panel | windows firewall | Exceptions | highlight file and print sharing and chose edit | highlight each protocol/port ( all 4 one at a time) and chose change scope | add your remote VPN subnet or "allow all computers" | save

If you want to disable the firewall, open the group policy management console on the SBS to group policy objects, and disable (not delete) the 2 polices, by right clicking on the policy and choosing GPO status and un-check enabled:
  Small Business Server Internet Connection Firewall
  Small Business Server Windows Firewall

It can take up to 90 minutes for the policy to be applied to the workstation. You can force this almost immediately by running at a command line, on the workstation:
gpupdate /force

0
 

Author Comment

by:tvacc
ID: 20473348
That fixed it. I didn't delete (rather, no longer enforced linked) the GPOs as I don't like to delete things. Now I can connect fine. Thanks.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20473551
Great Glad to hear.
Thanks tvacc.
Cheers !
--Rob
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now