Netbios traffic over VPN with PIX 501

Unanswered Question
Sep 25th, 2007

We have a WAN setup between corporate and two branch offices using PIX 501's. We have VPN tunnels up and working via IPSec. We also have remote access into the corporate office via PPTP. Traffic is primarily telnet/ssh into a Unix application server.


We have a new requirement to be able to map a drive at one of the branch offices to a shared folder on a Samba (Unix) server at corporate. This is currently working at corporate on the local subnet. The Samba server is also the secondary WINS server. The primary WINS server is a Linux system, also running Samba.


I can access the corporate Samba server from the branch office via telnet, ssh, ftp, icmp, etc., but I can't seem to get Netbios traffic routed to it. I have enabled Netbios over TCP/IP on the remote PC, and pointed it to the two WINS servers. I can ping the host by name, but net view \\hostname returns an error. (At corporate, net view \\hostname returns a list of disk and print shares).


What else do I need to do to get Netbios traffic routed over the VPN? (I don't need netbios enabled over the PPTP connections). Config files are attached (SiteA=Corporate, SiteB=Branch). Security keys/ip addresses are masked.


Thanks in advance :-)



lhiscock Wed, 10/10/2007 - 10:49

Hmmm ... no responses in two weeks. Does this mean it can't be done?


Anyone interested in a PAID gig to help me get this working?


Contact me at larryh at wcs-corp dot com

ltbergman Wed, 10/10/2007 - 15:32

We are using a 506E at a Central Office with 18 other 501 PIX's. All are set using standard Site-to-Site VPN's using shared key. However, we are on a Win 2003 DNS environment with all client computers using the DNS servers housed at the Central office. In this situation all branches are able to browse the network and use shared network resources. This works great for us with one drawback. We have yet to figure out how to set up to traverse multiple VPN's, i.e. Branch-Central-Branch, so network resources in this situation don't work. My question for you, then, is: what are you using for a DNS infrastructure, or are you just using WINS?


Also, are the errors the same when you try Windows-based servers on net view?

lhiscock Wed, 10/10/2007 - 17:27

There are no windows servers in our network. There is a SCO server and a Linux server. The Linux server is the primary DNS server and the backup WINS server. The SCO server is the primary WINS server.


I have no trouble reaching either of these boxes by either name or IP address from anywhere on the WAN using other protocols (e.g. ftp, telnet, ssh, pop3, smtp, etc.).


It's ONLY the netbios traffic that's not getting routed.

ltbergman Wed, 10/10/2007 - 18:15

You have checked with your WINS server and your clients are registering with it? One thing that you could try as well is to create an lmhosts file with name/IP translations on the client to see if the WINS is indeed working or not. Also, what is the exact error that you get when you do a net use for the smb server in question?


I have always disliked using WINS; it always seemed to just go south, so we went with an internal DNS structure.


Is your DNS just for public side name resolution? Have you thought of or tried to create a private DNS system instead of WINS? I believe that this would take care of your problem. Since the name resolution would be through DNS, you would not need WINS.


See these articles.


http://www.sysadmin.com.au/news/nt-dns-hole.html


http://support.microsoft.com/kb/172218


http://support.microsoft.com/kb/119493/EN-US/
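
An added diagnostic example, not part of any post in this thread: it splits the symptom described above (the name resolves and pings, but net view fails) into name resolution versus TCP reachability of the SMB session ports from the branch client. Ports 139 and 445 are the standard NetBIOS session and direct SMB ports, not values taken from the thread, and the function names are illustrative.

```python
import socket
import sys

# Standard TCP ports (assumption: the Samba server uses the defaults).
# UDP 137/138 (name and datagram services) are not probed here.
SMB_TCP_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP"}


def resolve(host):
    """Return the IPv4 address for host, or None if resolution fails."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def probe_tcp(addr, port, timeout=3.0):
    """Classify one TCP connection attempt as open, refused or no-reply."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # the host answered with a reset: nothing listening
    except OSError:
        return "no-reply"  # timeout or unreachable: dropped on the path


def diagnose(host, ports=SMB_TCP_PORTS, timeout=3.0):
    """Resolve host, probe each port, and summarise where the failure sits."""
    addr = resolve(host)
    if addr is None:
        return {"addr": None, "ports": {}, "verdict": "name resolution failed"}
    results = {p: probe_tcp(addr, p, timeout) for p in ports}
    states = set(results.values())
    if "open" in states:
        verdict = "SMB transport reachable; look at shares/auth on the server"
    elif states == {"refused"}:
        verdict = "host reachable but no SMB listener answered"
    else:
        verdict = "no reply on SMB ports; traffic is dropped between the sites"
    return {"addr": addr, "ports": results, "verdict": verdict}


if __name__ == "__main__":
    # Usage: python smbcheck.py <hostname>   (script name is arbitrary)
    report = diagnose(sys.argv[1] if len(sys.argv) > 1 else "localhost")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run from the branch PC against the corporate server name, a "no-reply" result on both ports while ssh and ftp still connect points at the path between the sites rather than at WINS.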


