Re: Remote site browsing and file access

Thanks for taking the time to post -- I appreciate the response. However,
I'm pretty skeptical its a routing issue (at least not any more of an issue
than routing typically causes for remote netbios name resolution). That
being said, by all means, let me know what I'm missing:

HQ Site:
-DSL cnx w/ multiple public IPs
-OpenWRT based VPN gateway
-- uses software VPN to connect 10.10.0.0/255.255.248.0 network to remote
site
-SBS Server 2003 R2 w/ 2 NICs
-- Nic1 has public IP assigned, connected through OpenWRT router with extra
firewall and specific transparent port forwards assigned for RWW, HTTP(s),
SMTP, etc
-- Nic2 has internal IP address assigned on 10.10.0.0 network
-- SBS has default route on internet gateway assigned to upstream DSL gw
-- SBS has persistent route added for 10.0.0.0/255.0.0.0 to the VPN gateway
(10.10.0.1)
-- SBS provides all local DNS and DHCP
-All client PC's are default routed to 10.10.0.1 (vpn gateway) which also
does NAT and web proxy/filter

Remote Site:
-DSL cnx w/ multiple public IPs
-OpenWRT based VPN gateway
-- uses software VPN to connect 10.10.8.0/255.255.248.0 network to HQ site
-Server 2003x64 R2 w/ 1 NIC
-- Nic has internal IP address assigned on 10.10.8.0 network
-- Server has default route assigned to vpn gateway (10.10.8.1)
-- Server provides all local DNS and DHCP
-All client PC's are default routed to 10.10.8.1 (vpn gateway) which also
does NAT and web proxy/filter

Pretty much everything works if directly connected via
\\remote_machine_ip_or_fqdn_address\share or some such variant. But browsing
doesn't work. Everything in DNS is properly registering (forward and
reverse).

Thanks in advance for any insight.

-Matt


"Claus" wrote:

Your problem isn't NetBIOS, DNS or WINS, it's a routing issue. To give you
specifics, I would need to know more details about your network (SBS
version, 1NIC/2NIC setup, subnet at HQ, VPN Router at HQ, Subnet at the
remote office with router IP, server IP, is all traffic from the remote site
supposed to be routed to HQ or do they have a separate Internet access)

In general terms think about the networks as 2 houses that are separated by
a few city blocks. If you want to assure that each person living in the
respective house gets the right direction to the other house you need to
assure that at every exit (front door, back door, garage) there is a set of
instruction that will guide them to the other house. There also need to be
instructions how to get to the supermarket.

In the networking world you do that with routing tables at ALL possible exit
points meaning hardware that is referenced as a GW anywhere in your network
structure(SBS box, routers, remote server etc.).

I hope this helps to clarify a bit.

--
Claus
"msb-2007@xxxxxxxxxxxxx" <msb2007nospamnospam@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:376DF80F-D0F7-41A5-9543-B0F0D3FA062B@xxxxxxxxxxxxxxxx
Ok, I thought I understood NetBIOS over TCP, DNS, and WINS and their
respective pieces in the puzzle to enable remote network file sharing and
browsing... but I was wrong. Banging my head against the wall...

Can someone point me to a good document for how to configure site to site
file sharing and browsing (with a SBS server at the core of the network,
and
a DC at the remote site)???

The sites are connected via VPN, but not MS VPN server to server (hardware
routers at each site). We're routing private address space (10.x.x.x)
behind
the VPNs, and most things work, but I still get intermittent browsing
issues
and can't connect from the SBS server to \\Remote_XP_Client\admin$ but I
can
connect from Remote_XP_Client to the SBS server shares.

Thanks.

-Matt






.

Relevant Pages

  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • Re: Remote Access and ISA Server in SBS 2003?
    ... I am glad to hear the Remote Access Wizard is working fine now. ... there is no difference in VPN between SBS 4.5 and SBS ... Error Message: VPN Connection Error 800: Unable to Establish Connection ... the external NIC of the SBS Server. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN with SBS 2003 (not R2) and DSL.
    ... Reading property value for VPN returned OK ... Reading VPN Server Name returned OK ... identical network cards. ... it seems doubtful that SBS will work properly with two NICs ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 sudden services problem over router based vpn
    ... I understand that your remote cannot receive POP3 emails through VPN ... SBS Server through routers. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problems
    ... Note that we are able to successfully VPN into the office. ... to browse the network, RDP to the server or even ping the server. ... > This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)