Solved

Server veiwable from far side of VPN, but Server can not see far side of VPN

Posted on 2008-10-30
4
242 Views
Last Modified: 2013-11-25
I have a client that has two locations conected via IPSEC VPN. The VPN is controled by an Astaro 220 firewall on the near side (10.0.X.X) and and a Linksys WRV200 at the remote location (192.168.X.X).  The remote location has no problem seeing all of the computers, mapping drives, or accessing exchange on the  10.0.X.X network. The issues is that the 10.0.X.X network can not see any of the PCs on the 192.168.X.X network. I can ping them, but can not access them via RDP, Net Use, or Map drive option in my computer.

What I have Chedcked so Far.
1. The Astaro Firewall has rules to allow all traffic in both directions over the VPN
2. The remote router looks to the Server on the 10.0.X.X network for DNS
3. The Server looks to itsef for DNS first
4. There are records in DNS for the remote network on the Server (Windows 2003 SBS)
5. Net Bios is enabled on PCs on both sides of the VPN
 
I am not sure where to go from here, any help would be great , Thanks
0
Comment
Question by:Teleswitch
  • 3
4 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22847249
For the record NetBIOS will not as a rule work over the VPN, however if there are DNS entris on the local (10.0.x.x) server for the remote site, I am surprised access by DNS name doesn't work.
As a test can you access remote resources by IP such as RDP or file shares:
RDP:             mstsc  -v:192.168.123.123
Flie shares:  \\192.168.123.123\ShareName

If that works try accessing by FQDN:
RDP:             mstsc  -v:Computer1.local
Flie shares:  \\Computer1.local\ShareName
0
 

Author Comment

by:Teleswitch
ID: 22849520
RDP and file share do not work .
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 22858553
>>"RDP and file share do not work ."
I assume you mean they do not work when accessing by IP rather than by name?

It can be related to too high an MTU value, usually you can connect, with MTU it doesn't fail until you actually start to transfer data.

The only other thought I have is this can sometimes be resolved by disabling "black Hole Router" detection. :
http://support.microsoft.com/kb/314825
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 23148306
Thanks Teleswitch.
Cheers !
--Rob
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now