Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 118
  • Last Modified:

cannot see file shares on certain servers

here's my configuration;
site to site vpn between two sonicwall tz devices
all traffic is allowed between lan and vpn and vice versa in both directions on both devices
servers are on 192.168.0.0 /24 subnet at main building
workstations are on 172.16.32.0 /24 subnet at remote building

problem is, i can access file shares on all servers except a couple that i know of.  connections to 445 from remote office to main office on these servers times out.  telnet to 445 cannot connect (from 172.16.32) .  i can connect to 445 to these servers without issues from the main office subnet (192.168.0)

i can connect to port 53 on the problem servers without problems from remote office to main office.

i'm at a loss here.  445 if open on the server and can be accessed from the local subnet but not from the remote subnet.  however 53 is open (it is a dns server) and i can telnet (on 53) and nslookup to the server from the remote subnet to the local subnet.  from what i see and know, firewall is not an issue.  i've tried adding a route 172.16.32.0 mask 255.255.255.0 192.168.0.109 (sonic wall gateway) on the problem server but that did not make any difference.

any ideas?

thanks in advance.

shawn
0
scraby
Asked:
scraby
  • 3
  • 2
2 Solutions
 
McKnifeCommented:
That have to be firewalls. They can be based at the server or the client or in between at the gateway/router. Ask your network admin for help.
0
 
scrabyAuthor Commented:
the firewall is setup to allow everything in both directions between vpn and lan.  traffic passes to other servers through the same path without issues.  i can pass traffic on 445 to one server but not to another.  i can pass traffic on 53 to both servers.  that means outbound firewall on workstation is configured correctly.  it also means that in between firewall is configured correctly.  firewall is not enabled at the server.  i can get to both 53 and 445 from local subnet.  i can get through on 53 and 445 on one server from remote subnet but i can only get through on 53 on another and not on 445.

i think i'm going to have to use a tool like wireshark or logging on the firewall to see where traffic is blocked but that's about where my knowledge drops off.

btw, one man it team here.  i am the network admin
0
 
McKnifeCommented:
Again: If telnet says it's closed, there's no other possible reason but a firewall. So either there's one that you are not aware of at the moment, or it is configured in a way you are not aware of or it acts defective.
So double check anything and look at all firewall logs. Keep in mind that security software might have enabled firewall components, too.
0
 
scrabyAuthor Commented:
well, i did some monitoring and logging on both firewalls and found that traffic was not getting blocked at either of these appliances.  

i wound up deleting a couple of routes that i wasn't too sure about and also added a route on one server that i could not access port 445 on (route add 172.16.32.0 mask 255.255.255.0 192.168.0.109).  it started working.  i don't understand routes very well but i'm assuming that a packet originating from a 172 subnet with a 192 destination cannot get to it's destination if the destination machine does not have that subnet defined in it's routing table.

thanks for the help
0
 
scrabyAuthor Commented:
Thank for your help.  I think adding the route did the trick.

shawn
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now