
Thread: Some problems with VPN

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    16

    Some problems with VPN

    Hi, I have two offices. In the main office there is actually a Win2003 Std server in a domain configuration and a Zywall 35 UTM with two xDSL lines connected; on the remote side there is a workgroup and another Zywall 35 (not UTM, but that's not a problem).
    I have configured the two Zywalls to create a VPN tunnel. The tunnel is created; in the configuration I have selected "Nailed-Up" and "Allow NetBIOS broadcast Traffic Through IPSec Tunnel", and in the subnet section the ports on both sides are set to "0" to permit all traffic on all protocols.

    Now the problems:
    - From the main office I can see the remote computers, but if I try to browse them I cannot (maybe it happens because the remote computers aren't actually connected to the domain. I'll add them tomorrow...).

    - From the remote side, instead, I cannot see the computers in the main office in Explorer, but if I enter the IP of a machine (like "\\192.168.1.1") I can see the shared folders and, after entering the admin password, I can browse all files.

    - Another problem is that if I try to open the web configurator of the remote Zywall I cannot!! It should let me in on the LAN IP (it is configured to do that!)

    I don't know if I have to create some particular rules on the two Zywalls. Let me know if you know how to help me! Thanks!!

    FABIO

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,955
    For performance reasons, you don't want to allow netbios through a VPN tunnel...it destroys the bandwidth, brings the tunnel to a crawl. Configure the satellite office machines to log into the domain. They will use your DC's IP address as their primary DNS server, thus also getting name resolution. It also helps in joining the domain, to fill in the DNS suffix in TCP DNS properties..advanced button. Can have their secondary DNS server be the satellite router's LAN IP if it DNS relays, or fill in your ISP's DNS server..so they can surf and resolve when the tunnel is broken.

    Not sure about the web admin rules, haven't used that brand for VPN tunnels, but so as it's not a show stopper till you figure out what to do...RDC to your server and launch IE from there to get tweaking done from the satellites.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    16
    Quote Originally Posted by YeOldeStonecat
    For performance reasons, you don't want to allow netbios through a VPN tunnel...it destroys the bandwidth, brings the tunnel to a crawl. Configure the satellite office machines to log into the domain. They will use your DC's IP address as their primary DNS server, thus also getting name resolution. It also helps in joining the domain, to fill in the DNS suffix in TCP DNS properties..advanced button. Can have their secondary DNS server be the satellite router's LAN IP if it DNS relays, or fill in your ISP's DNS server..so they can surf and resolve when the tunnel is broken.

    Not sure about the web admin rules, haven't used that brand for VPN tunnels, but so as it's not a show stopper till you figure out what to do...RDC to your server and launch IE from there to get tweaking done from the satellites.
    Yes, you're right, I'll block NetBIOS traffic, but I've allowed it only to watch how it works and I don't understand why it seems to work one way only!... I think the reason is that those computers aren't added to the domain, but I'm not sure about it...
    Theoretically, if I block NetBIOS traffic on the VPN and I leave the rules for local and remote port at "0", which means all ports, will the NetBIOS traffic be blocked or not?!?
    I have a strange problem using RDC from some computers in the remote network to computers on the other side: if I enter the LAN IP, RDC works for some time, with the whole screen black, then it tells me that the remote computer has closed the connection.... From another XP PC in the same subnet to the same computer on the remote subnet, RDC works perfectly!!!

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,955
    For peer to peer eventually you might get some browsing happening with netbios passthrough..but active directory and name resolution run much smoother if you follow the rule of thumb...workstations in AD use the IP of the DCs for DNS.

    Odd about RDC not functioning...MTU manually set on the routers?
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  5. #5
    Junior Member
    Join Date
    Aug 2006
    Posts
    16
    Mmmm..... I can't find the MTU setting in any section, but I'm quite sure that I've seen it somewhere!
    How should the MTU be set?

  6. #6
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,955
    Quote Originally Posted by acco
    Mmmm..... I can't find the MTU setting in any section, but I'm quite sure that I've seen it somewhere!
    How should the MTU be set?
    I prefer to manually set MTU on routers.....regardless of the brand, I find in more cases that "auto" isn't ideal. Some makes/models need it set to auto...but "most" for me, manually set seems to be better.
    For T's, cable, and bridged DSL, 1500
    For PPPoE DSL, 1492
    Those have worked for me here in the US. I've seen going lower be required on some forums regarding VPNs over in Europe, such as the UK, where PPPoA DSL is more popular..and I think 1458 worked best there.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!
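
Added example, not part of any post in this thread: one way to measure which MTU actually fits a path such as this tunnel before setting it by hand, by binary-searching the largest ping payload that gets through with Don't Fragment set and adding the 28 bytes of IPv4 and ICMP headers. The function names and the "ttl=" success check are assumptions of this sketch; the ping flags are those of Windows ping and Linux iputils ping.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout_s + 3)
    except (subprocess.TimeoutExpired, OSError):
        return False
    # Assumption: a real echo reply line contains "ttl=" on both platforms.
    return out.returncode == 0 and "ttl=" in out.stdout.lower()


def largest_unfragmented_payload(probe, lo=64, hi=1472):
    """Largest payload in [lo, hi] for which probe(size) succeeds, else None."""
    if not probe(lo):
        return None  # even small packets are lost: not an MTU problem
    if probe(hi):
        return hi    # a full 1500-byte packet fits the path
    while hi - lo > 1:  # invariant: probe(lo) succeeds, probe(hi) fails
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo


def path_mtu(probe):
    """Path MTU in bytes derived from the largest payload that passes."""
    payload = largest_unfragmented_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    target = sys.argv[1]  # e.g. a host on the far side of the tunnel
    print("path MTU:", path_mtu(lambda size: ping_df(target, size)))
```

Run it against a host on the far side of the tunnel; a result of None means even small pings are lost, which points at routing or firewall rules rather than MTU.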

  7. #7
    Junior Member
    Join Date
    Aug 2006
    Posts
    16
    OK, I've got another problem (some issues were caused by the balancing of the two xDSL lines): the tunnel between the two Zywalls is done but I can't ping the internal computers' IPs. I can ping the LAN interface, and name resolution works properly (if I ping using the name of one of the remote computers, ping translates the name to the right IP but there is no response; all packets are lost).
    Any ideas? Could there be some issues with firewall rules? But if I specified that all traffic in the VPN should pass without being blocked, it should bypass the firewall, or not?!?

    Help, it's making me crazy!
