I am having problems getting browsing to work through my VPN tunnel. I am using a 3005 running 3.5, and I am using the 3.03-b-k9 client on my system. The problem is this: I log onto the VPN, everything goes fine, but I can't browse Network Neighborhood. I can do a \\hostname or \\ipaddress and get to the computer I want to access, but there is no browse list. Has anyone had this issue? Is it correctable? Or is this just a case of NetBIOS not working with the implementation? Thanks in advance for any help.
I'm having the same problem.
I'm using a Cisco 1751 with IOS 12.2.8T and VPN Client 3.5.1. I can ping all the LAN (it's on a different subnet also) and I can also BROWSE the machine by IP with \\ipaddress, or if I set up a HOST file I can also do it by name, but my W2000 client does not seem to use the WINS setup! It is registered on the WINS and the LAN can ping it by NetBIOS name, but it's not taking info from the WINS.
Maybe your problem is in the access lists on the interfaces. Try to disable all ACLs on the WAN and LAN interfaces.
Let me know.
The access-lists won't matter; the packet goes through the public access-list before it's decrypted, so all the public interface sees is IPsec through a tunnel that allows all established VPN traffic through. And I have no access list on the inside interface, so the traffic isn't getting stopped on the way out either. As you said, the box registers itself in WINS and can ping by NetBIOS name, but you just can't browse.
How long are you waiting before you see the browse lists? If this is a Microsoft OS make sure that "client for Microsoft Networks" and "File and Print sharing" are turned on.
I have waited for as long as an hour. I would expect everything to come up in around 15 minutes. They are Microsoft OS, a collection of clients, 98, Win2k and WinXP. If I plug the box into the LAN I can browse fine which leads me away from a client misconfiguration issue. Today I tried hardcoding the WINS server from the LAN into the remote computer with no success. FYI the LAN is a flat network.
Sorry about that, yes File and Print sharing is turned on. When the client is on the actual network it works fine, I can see everything.
Since the remote clients are coming up without the network connection established, they are probably taking on the "Master Browser" role. Have you tried disabling this?
Good thought, I have tried it with the browser service set for off, participate in browser elections and always assume master browser status. Still doesn't work. The curious thing is you can see the master browser using browser monitor from the Win2k Resource Kit.
Is this a native AD or an NT domain? If it is a native AD, turn on use WINS for DNS on the domain controller. Are the VPN clients being assigned an address range the same as the inside hosts/master browser? If not, what if the clients lie on the same subnet? The VPN clients should not be set as master browser or even backup browser; you set this on the machine on the internal LAN.
Guess I'm a little confused here. Deciding to use WINS or DNS is a client choice, isn't it? No matter what I set the resolver to on the DC, if the client is Win98 it will act differently than, say, WinXP. Or am I talking about something completely different here? As for the second question, I misspoke earlier: I have a client subnet, a server subnet and a VPN subnet. I have placed a box on the VPN subnet that has the master browser switch in the registry set to always on; when you VPN in and use browser monitor from the Win2k Resource Kit you see it listed as the master browser for the subnet, and when you check WINS it has the appropriate listing there as well. I'm about to forget about this and flatten the VPN subnet into the client subnet and cure my problem the old-fashioned way.
My two cents: first of all, make sure that your WINS or DNS (if it's a Win2K environment) are working properly at the central site. Secondly, the machine through which you are connecting to the central site must have the same DOMAIN name as the central site. It seems absurd but it works.
What is the remote client, and is the same type on the internal network? All NT or all 98 will (or used to) work differently than a network with mixed types; and you may end up using a browse master with incompatible type or incomplete list.
What you actually need is the equivalent of the ip helper command used on the Cisco routers. Does anyone know if there is a similar command?
We are having a similar issue. We have W2K Server and we're authenticating against the Active Directory using the IAS in Win2K. We're using the new vpnclient-win-3.5.1.B-k9.
The VPN is working great. We can connect to the LAN and surf to internal IIS servers. We can do a 'net send' to all computers internally and even run Terminal Services on any of our Win2K servers.
So what's the problem? We are having sporadic results in browsing the network. We get only the client listed in the Network Neighborhood. When we type in the UNC, 'SOMETIMES' it will do type-ahead prediction on the share, i.e. it's connected and got a list of available shares. Mostly, though, it just sits there for ages and times out.
When we click on the VPN Dialer icon in the system tray it reports the correct IP as being from a different network (172.16.128.x for internal and 172.16.129.x for VPN). It says that LAN access is disabled even though the check box is clicked in the properties and we even tried it without the check box, but it doesn't seem to matter.
We had the same problems at our company. I worked with Microsoft and they said that it was a corrupt WINS database. So I deleted them and had them recreated and it seemed to work. Give that a try. Also, the Microsoft tech wanted me to make sure that on the servers that had the WINS services, they had their WINS entries pointing to themselves. For instance, if 192.168.1.4 is the primary WINS server, make sure that under IP, the WINS servers listed are itself. Hope that makes sense.
I am experiencing the same problem after a migration from a VPN "cisco2600 to cisco2600" to a VPN "PIX515 to cisco2600".
Before the migration network browsing was working properly and then, no way to see the other side.
I permit all IP from one side to the other (so I think WINS, NetBIOS should pass through).
Is there any special command in the PIX to let browsing through?
How long does it take to see all the computers in browsing?
We are also having the same problems as everyone has discussed. I have been to the Cisco VPN classes, with no resolutions, and I have also placed a call in with TAC. They have tested the WINS problem, and every possible solution that has been listed, still no results. I believe it may be just a compatibility bug. Any other ideas?
This is a very old string. Can you be more specific on which software versions you are using as well as what OS you are on? There are several issues that have been fixed but some are OS related.
We continue to have the same problem. I can connect just fine and ping all over the inside of my network - but try to resolve a name? NO WAY! Everything is configured correctly and I am running the latest release of both the VPN 3000 software and the latest CLIENT software. Been working with the TAC and they have provided some good ideas - but - still nothing!
I think Cisco has already identified your problems. In general, browsing the Network Neighborhood is officially not supported, but it will work if configured correctly. And by the way, broadcasts cannot go through an IPSec tunnel.
Please read this Document: