Re: VPN users not able to map drives using NetBIOS names

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/21/05 

Date: Sun, 20 Feb 2005 22:33:09 -0600

Using a single physical network adapter in your configuration is fine and I
have done it myself with great results. Normally I would say to make sure
that the RRAS server is configured to enable IP routing in the IP properties
of the server in RRAS Management console but I believe you said that you can
already access the internal network from your own computer as a VPN client
so it would seem that is already enabled. If not doing so already, try to
ping by the internal network by IP address also instead of just name. Input
and output filters on your internal network adapter or in Remote Access
Policy could also be restricting access to those computers but that would
not be configured by default. I assume the static pool IP addresses are also
on the same network as the RRAS server's internal network adapter connected
to the lan. The VPN server itself will be assigned one of those addresses
for the virtual adapter it uses for the VPN server connection that would be
different than the actual address of the physical adapter. Just make sure
that IP address is not the same IP address as assigned to the VPN client as
I have seen that before. You can check the status/details of the VPN
connection to see what addresses are used for that connection.--- Steve

"Marty S" <MartyS@discussions.microsoft.com> wrote in message
news:108E8272-C389-445D-AC81-B86749F4EC3A@microsoft.com...
> My server is behind a firewall that forwards the VPN traffic to it via
> NAT.
> Is it okay to use a single NIC for this application? I noticed something
> weird. The only thing i can ping from a non-domain machine connected to
> the
> VPN is the RRAS server itself. I get a return ping from one of the IP
> addresses in the static pool that i set up for RRAS.
>
> Marty
>
> "Steven L Umbach" wrote:
>
>> As I mentioned for the external network adapter connected to the internet
>> access should have file and print sharing, Client for Microsoft Networks,
>> and netbios over tcp/ip disabled and also in dns the "register this
>> connection" should be disabled for the external adapter. Your wins server
>> should only be listed on the internal network adapter used for the lan
>> and
>> the internal lan adapter needs to be at the top of the list in network
>> connections advanced/advanced settings.
>>
>> RRAS servers normally have two physical network adapters unless it is
>> behind
>> a NAT router/firewall connection that forwards VPN connections to the
>> RRAS
>> server's internal network adapter. On one of the client VPN's that can
>> not
>> browse the network run Ipconfig /all to see if they are being assigned a
>> wins server for their VPN connection. I understand that some "protection"
>> software installed on a computer such as personal firewalls or even anti
>> virus programs can be configured to block over tcp/ip netbios which will
>> block the browse service traffic that allows the use of My Network
>> Places.
>> Booting into safe mode will bypass such programs but also will bypass
>> personal firewalls so do not try such unless the user is also behind a
>> firewall device such as a NAT router/firewall. Another thing to try is to
>> have the user name the workgroup their computer is in to the same name as
>> your domain. However if they are a member of another domain do NOT have
>> them
>> do such or they may be locked out from logging onto their computer. ---
>> Steve
>>
>>
>> "Marty S" <MartyS@discussions.microsoft.com> wrote in message
>> news:50464294-29F4-4E14-9CFA-A6B828B898F0@microsoft.com...
>> > Enable BNR is checked. I have two existing WINS servers, one of which
>> > is
>> > the
>> > RRAS server. I did have this server set up with dual NIC's, one for
>> > RRAS
>> > and
>> > one for regular LAN traffic. The one NIC that is active right now has
>> > 5
>> > IP
>> > addresses bound to it for some internal web hosting. What is the best
>> > way
>> > to
>> > set up a RRAS server, one or two NIC's? If two, then what exactly do
>> > you
>> > have each of them set up to do?
>> >
>> > I also wanted to mention that if I take my laptop home, which is part
>> > of
>> > the
>> > domain at the office, I can connect to the VPN and ping everything and
>> > browse
>> > as usual. It is only on machines that are not part of the domain that
>> > I
>> > am
>> > having the problem. I didn't know if this would make a difference in
>> > your
>> > response or not.
>> >
>> > Thanks Steve!
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> There is an option in Windows 2003 RRAS that may help. Open the RRAS
>> >> Management Console and find your server, right click and select
>> >> properties,
>> >> go to the IP page and make sure "enable broadcast name resolution" is
>> >> enabled. If that does not help configure wins server on your network
>> >> making
>> >> sure that all the servers are also wins clients. Lmhosts files could
>> >> also
>> >> be
>> >> used, though it makes more sense to use wins if possible due to ease
>> >> of
>> >> implementation. Multi homed computers such as RRAS servers should have
>> >> the
>> >> internal LAN network adapter at the top of the list in network
>> >> connections/advanced/advanced settings. The "external" adapter for
>> >> internet
>> >> access should have file and print sharing, Client for Microsoft
>> >> Networks,
>> >> and netbios over tcp/ip disabled and also in dns the "register this
>> >> connection" should be disabled for the external adapter. --- Steve
>> >>
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q180094 --
>> >> lmhosts
>> >> for network browsing.
>> >>
>> >> "Marty S" <MartyS@discussions.microsoft.com> wrote in message
>> >> news:449BB4A6-D7B8-4AE2-8009-0ACFB8F7BE60@microsoft.com...
>> >> >I have a 2003 Server running RRAS and managing VPN connections from
>> >> >empoyees
>> >> > on their home machines. They connect to the VPN fine but cannot use
>> >> > NetBIOS
>> >> > names to set up drive shares or browse the network. They instead
>> >> > have
>> >> > to
>> >> > use
>> >> > IP addresses. Is there any way around this?
>> >> >
>> >> >
>> >> > Thanks,
>> >> > Marty
>> >>
>> >>
>> >>
>>
>>
>>

Relevant Pages

  • Re: Need help with VPN
    ... Does the Client VPN Network Adapter need to ... have it's DNS point to the server, or does it need to be ... the External Network Adapter need to have its DNS point to ... If its the VPN Connection, ...
    (microsoft.public.windows.server.sbs)
  • VPN Win98/Win2K L2TP/IP Adapter
    ... In fact you can connect Win98 with W2k RRAS as a VPN ... >We have a Co-Lo'd Win2K VPN Server. ... > although I can ping any url, the Network Adapter will ... >Bind the TCP/IP Protocol ...
    (microsoft.public.inetserver.iis.security)
  • Re: Error message (id 14147) occurs everytime a new VPN user conne
    ... Is there a way to specify a static IP address that my RRAS server will use ... configure Network Load Balancing and may be safely ignored if it does not ... internal network was setup prior to implementing VPN and the Internal network ... ISA Server detected routes through the network adapter External - Broadcom ...
    (microsoft.public.isa)
  • Re: Connection Wizard - VPN Problem
    ... VPN Server Name The Routing and Remote Access service enables your server to be a virtual private network server. ... type the fully qualified host name used to access your server from the Internet. ... The "enter the IP address of the network adapter used to connect to the Internet" is where I might be going wrong. ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2003 VPN wont respond to packets forwarded by Linux router
    ... Win2K3 server? ... Do you have correctly marked external and internal network ... problem is in certificates, use MS CHAP v2 for test, till it works with MS ... > forwarded VPN traffic to a Windows 2000 Pro workstation. ...
    (microsoft.public.windows.server.networking)