Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NetBios forwarding over NAT VPN

We have a standard hub and 2 spoke network consisting of 827's running NAT over a VPN. Everything appears fine, we can ping across the VPN etc, but what we are having trouble with is browsing NetBios names and hitting an SQL server on the other side of the link. We are relying totally on Windows networking, there is no WINS server or PDC. NAT is stopping NetBios forwarding as is well documented, but I need to know if there is a preferred method of broadcasting NetBios UDP across the VPN. We have tried IP fowarding and helper addresses but they have not worked. Is there a 3rd party forwarder or tunnelling option...or is there a UDP forwarding config we're missing? Any tips would be appreciated. Has anyone tried this setup successfully?

Thanks

Dean

5 REPLIES
Green

Re: NetBios forwarding over NAT VPN

Have you tried putting the database server's name in the hosts tables of the client PCs?

Hosts on Win9x and XP is in C:\windows

Hosts on NT/ WIN2K is in \winnt\system32\drivers\etc

There should be a sample file (hosts.sam) in the directory. Just copy that file, edit it in the same format (adding your server names / IP addresses), and save it to "hosts" (no extension, no quotes).

Good Luck

Scott

Green

Re: NetBios forwarding over NAT VPN

Edit to my post above: You may also want to add the server's name & address in the LMHosts file as well (that is the traditional name resolution file for LANMAN).

Scott

New Member

Re: NetBios forwarding over NAT VPN

Dean, we had a very similar problem where all of Cisco's firewall products to date will not rewrite any SMB Packet contents. With MS browsing\WINS and NT Authentication LSA/RPC Local or Domain the devices real IP address is embedded in the SMB content.

If you are purely running MS Browsing across a VPN Tunnel with no NAT then make sure that type 20 propogation is enabled across all interfaces. This should allow the forward of netbios broadcasts which the MS Master browsers will require on each broadcast domain. Personaly I would not like to rely on MS Browsing as it is possible for delays of up to 60mins before non-existant devices are removed from the broadcast domains!

Hope some of this might help.

Cheers, John

CCIE#9334

Green

Re: NetBios forwarding over NAT VPN

No dispute here, because I'm not sure, but isn't "Type 20" an IPX / Netbios packet ?

Or is it just triggering some process that goes into packet looking for NETBIOS information?

Scott

New Member

Re: NetBios forwarding over NAT VPN

I think you're right Scott, type 20 refers specifically to IPX/NetBios propogation as far as I'm aware.

We have a local hosts file in the test machine we are using, and can ping the NetBios name. But we still can't browse to them. IT is as if the Master Browser isn't being propogated, I have heard that IP forwarding can break the Master Browser as it starts to receive broadcasts form different subnets.

Thanks

Dean

584
Views
0
Helpful
5
Replies
CreatePlease to create content