NAKBrooks
asked on
Windows Explorer Browsing Across VPN
We have a head office connected to a remote office using a site-to-site VPN (Sonicwall TZ210 at each end).
Subnet at head office is 10.10.0.0 (255.255.0.0). This subnet hosts MS small business server, network printers, NAS, etc. MS SBS provides DNS for both offices but DHCP only for the head office.
Subnet at remote office is 10.11.0.0 (255.255.0.0). This subnet only has clients on it (apart from a Netgear WAP controller which also provides DHCP for the remote site).
We have established a site-to-site VPN between the two sites (no NAT implemented). This works fine in that clients on the remote site can access resources on the head office site by both IP and URL. However users at each site cannot see the resources in the other site using Windows Explorer.
What would we need to do to get global visibility of both sites' resources in Windows Explorer?
Thanks
Nigel
You could always give them the same subnet, but then you have to have only one DHCP server, and the Sonicwall may need to be configured to pass NetBIOS broadcasts.
BTW - Enabling the broadcasts will allow this to work across subnets; you do not have to change your subnetting.
The best way is to have a second server on the remote LAN which has a secondary copy of the Zone from the primary site; however, if you have no server you will have to configure the Name resolution manually for each of the machines there.
in
c:\windows\system32\drivers\etc
there should be a file called LMHOSTS.SAM
edit this file with notepad or whatever
there are plenty of examples in the file,
but you need a #PRE #DOM entry for your SBS server and just normal entries for all your other servers
save the file and then rename it to remove the .SAM extension (must have no extension)
eg
REN LMHOSTS.SAM LMHOSTS
You can get Windows to read the file with the command
NBTSTAT -R
or just reboot
BTW this only works on TCP/IP
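An added example, not part of the original answer: a small Python audit of an LMHOSTS file of the kind described above, useful because every entry is a static name-to-address mapping that clients will trust for SMB connections. The sample file, host names, addresses and the domain `EXAMPLEDOM` are constructed placeholders; only the two site subnets come from the question.

```python
import ipaddress
import re

# Subnets stated in the question: head office and remote office.
SITE_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "10.11.0.0/16")]

# Constructed sample; names, addresses and domain are placeholders.
SAMPLE = """\
# LMHOSTS for remote-office clients (constructed sample)
10.10.0.2    SBS01        #PRE #DOM:EXAMPLEDOM   # domain controller
10.10.0.20   NAS01        #PRE
10.10.0.21   PRINTSRV
10.10.0.3    SBS02        #DOM:EXAMPLEDOM
192.168.1.5  FILESRV      #PRE
10.10.0.30   AVERYLONGSERVERNAME01
"""

def parse_lmhosts(text):
    """Return (ip, name, preload, domain) for each mapping line.
    Quoted names with padding (special 16th-byte entries) are not handled."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank, comment, or block directive such as #INCLUDE
        m = re.match(r"(\S+)\s+(\S+)(.*)", line)
        if not m:
            continue
        ip, name, rest = m.groups()
        dom = re.search(r"#DOM:(\S+)", rest, re.I)
        pre = re.search(r"#PRE\b", rest, re.I) is not None
        entries.append((ip, name, pre, dom.group(1) if dom else None))
    return entries

def audit(text, nets=SITE_NETS):
    """Return (name, problem) findings for entries that need a second look."""
    findings = []
    for ip, name, pre, dom in parse_lmhosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, "invalid IP address"))
            continue
        if not any(addr in n for n in nets):
            findings.append((name, "address outside the two site subnets"))
        if len(name) > 15:
            findings.append((name, "NetBIOS name longer than 15 characters"))
        if dom and not pre:
            findings.append((name, "#DOM without #PRE is not preloaded"))
    return findings
```

Calling `audit(SAMPLE)` flags three of the six constructed entries; run it against a copy of each client's LMHOSTS file after changes to catch stale or unexpected mappings.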
Is your SBS Premium or Standard?
Vico1
ASKER
Thanks for the flurry of responses. Just woken up this side of the pond so will look them through when I get in and see where that leaves me.
ASKER
OK. Rebooted a few things and now it seems to work! Will keep an eye on it. Thanks for responses.
You can weigh your options. ALL Experts on this post have posted valid information.
Netbios is not routable without help. Here are a few options.
1) LMHOST/WINS server- WINS and adding an LMHOST record between site master browsers allows you to prevent excessive Netbios broadcasts over a VPN connection. If this is a secure VPN connection through an IPsec tunnel, I would definitely consider an LMHOST or WINS server. The way this works is clients send out a netbios broadcast every 15 minutes. The domain server with FSMO roles collects information from these netbios broadcasts, including netbios to an IP address, (netbios resolution). Since the domain server has all that information, (much like the DNS server will have DNS resolution), why broadcast all netbios over a vpn connection and have only ONE domain master browser for all Sites? Why not share each site's master browser list, with the domain master?
2) Allowing VPN broadcasts between sites- This option creates excessive traffic. Allowing all netbios broadcasts is pretty excessive traffic over a VPN. It's not recommended.
3) Vendor hardware/software configurations- The demand for ability to share Common Information File Shares and Server Message Block Shares has caused most network manufacturers to provide a means to share CIFS shares over SMB protocol. SONIC WALL is one of the best. It's also the most secure means to share this information. I would either google search or call Sonic tech support on "CIFS SMB Sonic Wall".
The remote PCs would have to have an IP in the same subnet as the PCs that they were browsing.
This is usually achieved in single node VPNs running across NAT routers by creating a Virtual IP address as the endpoint of the tunnel.