cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
728
Views
0
Helpful
5
Replies

Netbios traffic over VPN with PIX 501

lhiscock
Level 1
Level 1

We have a WAN setup between corporate and two branch offices using PIX 501's. We have VPN tunnels up and working via IPSec. We also have remote access into the corporate office via PPTP. Traffic is primarily telnet/ssh into a Unix application server.

We have a new requirement to be able to map a drive at one of the branch offices to a shared folder on a Samba (Unix) server at corporate. This is currently working at corporate on the local subnet. The Samba server is also the secondary WINS server. The primary WINS server is a Linux system, also running Samba.

I can access the corporate Samba server from the branch office via telnet, ssh, ftp, icmp, etc., but I can't seem to get Netbios traffic routed to it. I have enabled Netbios over TCP/IP on the remote PC, and pointed it to the two WINS servers. I can ping the host by name, but net view \\hostname returns an error. (At corporate, net view \\hostname returns a list of disk and print shares).

What else do I need to do to get Netbios traffic routed over the VPN? (I don't need netbios enabled over the PPTP connections). Config files are attached (SiteA=Corporate, SiteB=Branch). Security keys/ip addresses are masked.

Thanks in advance :-)

5 Replies 5

lhiscock
Level 1
Level 1

Anyone? Anyone? Bueller? ;-)

Hmmm ... no responses in two weeks. Does this mean it can't be done?

Anyone interested in a PAID gig to help me get this working?

Contact me at larryh at wcs-corp dot com

ltbergman
Level 1
Level 1

We are using a 506E at a Central Office with 18 other 501 PIX's. All are set using standard Site-to-Site VPN's using shared key. However we are on a Win 2003 DNS environment with all client computers using the DNS servers housed at the Central office. In this situation all branches are able to browse the network and use shared network resources. This works great for us with one drawback. We have yet to figure out how to set up to Trasverse multiple VPN's i.e. Branch-Central-Branch so network resources in this situation don't work. My question would be then for you is what are you using for a DNS infrastructure or are you just using WINS?

Also are the erors the same when you try windows based servers on net view?

There are no windows servers in our network. There is a SCO server and a Linux server. The Linux server is the primary DNS server and the backup WINS server. The SCO server is the primary WINS server.

I have no trouble reaching either of these boxes by either name or IP address from anywhere on the WAN using other protocols (e.g. ftp, telnet, ssh, pop3, smtp, etc)

It's ONLY the netbios traffic that's not getting routed.

You have checked with your WINS server and your clients are registering with it? One thing that you could try as well is create an lmhost file with name/IP translations on the client to see indeed if the WINS is working or not. Also what is the exact error that you get when you do a net use for the smb server in question.

I have always disliked using WINS always seemed to just go south so we went with an internal DNS structure.

Is your DNS just for public side name resolution? Have you thought of or tried to create private DNS system instead of WINS? I believe that this would take care of your problem. Since the name resolution would be through DNS then you would not need WINS.

See these articles.

http://www.sysadmin.com.au/news/nt-dns-hole.html

http://support.microsoft.com/kb/172218

http://support.microsoft.com/kb/119493/EN-US/

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: