NetBIOS Name can not pass through the Site-to-Site VPN tunnel

Discussion in 'Cisco' started by Benson, Jul 8, 2005.

  1. Benson

    Benson Guest

    Hi,

    I have constructed the Site-to-Site VPN Tunnel by using PIX506Es.

    But I could not share the shared folders between two sites, how can I
    solve this problem ?

    Thank you
    Benson
     
    Benson, Jul 8, 2005
    #1
    1. Advertisements

  2. Benson

    dt1649651 Guest

    Do you have WINS server ? If not, you may need one. If yes, check ACL
    to be sure the NetBIOS packets are able to pass thru the tunnel.

    DT
     
    dt1649651, Jul 8, 2005
    #2
    1. Advertisements

  3. Benson

    hal Guest

    You need to enable netbios over tcp in your adapter tcp/ip properties.
    If that doesn't work you can still manually map drives the the 'net
    use' command. The only thing windows uses netbios for now (AFAIK) is
    network neighborhood browsing. You can still map SMB by name over IP.

    Hal
     
    hal, Jul 8, 2005
    #3
  4. Benson

    Benson Guest

    Hi,
    My network has no WINS Server, and it is using the Pure AD infrastructure,

    How can I see if the netbios packet can go through the tunnel ?

    Thank you
    Benson
     
    Benson, Jul 9, 2005
    #4
  5. :My network has no WINS Server, and it is using the Pure AD infrastructure,

    I don't know how things are -intended- to work with AD, but my
    observation from our recent switch to Exchange 2003 is that NETBIOS is
    needed more than ever before [though -possibly- to fewer random locations.]


    :How can I see if the netbios packet can go through the tunnel ?

    netbios resource advertisements are local broadcasts, and broadcasts
    don't get sent through tunnels in PIX 6.x (PIX 7.0 has layer 2
    transparent firewalling.) Thus, the resource names won't get through
    a VPN unless you have an alternate name distribution mechanism such
    as WINS.

    As other posters suggested, if you use direct IP numbers or if you
    configure in such a way that DNS works to resolve names, then you
    can map folders over a VPN -- it's the locator service that doesn't
    work, but once you get the right location then the mapping can proceed.
     
    Walter Roberson, Jul 9, 2005
    #5
  6. Benson

    Chad Mahoney Guest

    You can setup a DNS server at each end of the tunnel, replicate the DNS
    servers then add the host name and IPA's to the DNS server, then on
    either side of the tunnel when you ping hostA it will query the local
    DNS server for IPA to reach that host, once the IPA has been gotten the
    firewall will route the traffic accross the VPN tunnel to its
    destination. Since you are in a true AD environment, hosts should
    register with there local DNS upon logon, that registration is
    replicated to the other DNS server.


    hth,

    Chad
     
    Chad Mahoney, Jul 12, 2005
    #6
  7. Benson

    Chad Mahoney Guest

    You can setup a DNS server at each end of the tunnel, replicate the DNS
    servers then add the host name and IPA's to the DNS server, then on
    either side of the tunnel when you ping hostA it will query the local
    DNS server for IPA to reach that host, once the IPA has been gotten the
    firewall will route the traffic accross the VPN tunnel to its
    destination. Since you are in a true AD environment, hosts should
    register with there local DNS upon logon, that registration is
    replicated to the other DNS server.


    hth,

    Chad
     
    Chad Mahoney, Jul 12, 2005
    #7
  8. Benson

    bvlmv Guest

    ip helper ?

     
    bvlmv, Jul 14, 2005
    #8
  9. Benson

    bvlmv Guest

    IP FORWARD PROTCOL UDP
     
    bvlmv, Jul 14, 2005
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.