Solved

cannot see file shares on certain servers

Posted on 2014-11-17
Last Modified: 2014-11-26
here's my configuration;
site to site vpn between two sonicwall tz devices
all traffic is allowed between lan and vpn and vice versa in both directions on both devices
servers are on 192.168.0.0 /24 subnet at main building
workstations are on 172.16.32.0 /24 subnet at remote building

problem is, i can access file shares on all servers except a couple that i know of.  connections to 445 from remote office to main office on these servers time out.  telnet to 445 cannot connect (from 172.16.32).  i can connect to 445 to these servers without issues from the main office subnet (192.168.0)

i can connect to port 53 on the problem servers without problems from remote office to main office.

i'm at a loss here.  445 is open on the server and can be accessed from the local subnet but not from the remote subnet.  however 53 is open (it is a dns server) and i can telnet (on 53) and nslookup to the server from the remote subnet to the local subnet.  from what i see and know, firewall is not an issue.  i've tried adding a route 172.16.32.0 mask 255.255.255.0 192.168.0.109 (sonic wall gateway) on the problem server but that did not make any difference.

any ideas?

thanks in advance.

shawn
0
Question by:scraby
5 Comments
 
LVL 56

Expert Comment

by:McKnife
ID: 40448710
That has to be firewalls. They can be based at the server or the client or in between at the gateway/router. Ask your network admin for help.
0
 
LVL 7

Author Comment

by:scraby
ID: 40448926
the firewall is set up to allow everything in both directions between vpn and lan.  traffic passes to other servers through the same path without issues.  i can pass traffic on 445 to one server but not to another.  i can pass traffic on 53 to both servers.  that means outbound firewall on workstation is configured correctly.  it also means that in between firewall is configured correctly.  firewall is not enabled at the server.  i can get to both 53 and 445 from local subnet.  i can get through on 53 and 445 on one server from remote subnet but i can only get through on 53 on another and not on 445.

i think i'm going to have to use a tool like wireshark or logging on the firewall to see where traffic is blocked but that's about where my knowledge drops off.

btw, one man it team here.  i am the network admin
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 300 total points
ID: 40449218
Again: If telnet says it's closed, there's no other possible reason but a firewall. So either there's one that you are not aware of at the moment, or it is configured in a way you are not aware of or it acts defective.
So double check anything and look at all firewall logs. Keep in mind that security software might have enabled firewall components, too.
0
 
LVL 7

Accepted Solution

by:
scraby earned 0 total points
ID: 40449945
well, i did some monitoring and logging on both firewalls and found that traffic was not getting blocked at either of these appliances.  

i wound up deleting a couple of routes that i wasn't too sure about and also added a route on one server that i could not access port 445 on (route add 172.16.32.0 mask 255.255.255.0 192.168.0.109).  it started working.  i don't understand routes very well but i'm assuming that a packet originating from a 172 subnet with a 192 destination cannot get to its destination if the destination machine does not have that subnet defined in its routing table.

thanks for the help
0
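
An added example, not part of the thread: a check of which next hop a server would pick for reply packets to the remote subnet, using the longest-prefix-match rule (lowest metric as tie-break) over rows in the layout `route print -4` shows. Only the subnets and 192.168.0.109 come from the thread; the server address, default gateway and the 172.16.0.0/16 route are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rows (Destination, Netmask, Gateway, Interface, Metric).
# 192.168.0.20, 192.168.0.1 and the 172.16.0.0/16 route are invented.
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.20     10
       172.16.0.0      255.255.0.0    192.168.0.254    192.168.0.20     11
      192.168.0.0    255.255.255.0          On-link    192.168.0.20    266
"""
# Same table with the broad route removed and the thread's route added.
AFTER = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.20     10
      172.16.32.0    255.255.255.0    192.168.0.109    192.168.0.20     11
      192.168.0.0    255.255.255.0          On-link    192.168.0.20    266
"""

def parse_routes(text):
    """Return (network, gateway, metric) tuples from route-table rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, separator or blank line
        dest, mask, gateway, _iface, metric = parts
        try:
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def next_hop(routes, dest_ip):
    """Longest prefix wins, then lowest metric; None when nothing matches."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def check_return_path(table, client_ip, expected_gw):
    """Return (chosen gateway, True if replies go back via expected_gw)."""
    gw = next_hop(parse_routes(table), client_ip)
    return gw, gw == expected_gw

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        gw, ok = check_return_path(table, "172.16.32.50", "192.168.0.109")
        print(f"{name}: replies to 172.16.32.50 leave via {gw}: {'ok' if ok else 'MISMATCH'}")
```

Pasting a server's real `route print -4` rows in place of the sample tables shows whether its replies to a 172.16.32.0/24 client would head for the VPN gateway or somewhere else.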
 
LVL 7

Author Closing Comment

by:scraby
ID: 40466466
Thanks for your help.  I think adding the route did the trick.

shawn
0
