Mapping a drive over VPN

[DannyDS]

I have a problem mapping a drive through VPN on a Netscreen 10 firewall. From the remote computer I can tell the VPN channel is set up, the Key Icon is visible on the Netscreen remote aplet. I can ping the external, and internal IP address of the Netscreen firewall. I have set up a lmhosts file on the remote client. I have set up a WINS server on a server behind the Netscreen firewall and I am pointing the remote client to the WINS server. I can ping the 3 main servers I am interested in mapping drives to, including the WINS server, by IP address and name.
The remote client, even though it is pointed to the WINS server it is not registering it self there. Seeme to me like it should.
The remote client shows an IP address in the 192.168.X.X range using the connection monitor on the remote client. The IP range of the LAN I am trying to map drives to is 10.1.1.0 range. This should not be a problem should it?
Would this prevent the remote client from registering itself in WINS?

When I try to map a drive (\\servername\sharename) I get "can not find \\servername\sharename."
I can't get the drive mapped by using the IP address instead of the servername either.

I have even tried this using the DNS servers on my domain (behind the Netscreen firewall) on the remote client. I can ping both DNS servers successfully by IP address and name, but I still can not map a drive. I can see that information is traveling through the tunnel. The Netcreen Icon shows a green dot when secured traffic is being passed. The logs on the Netscreen Firewall record the traffic from the remote client also.


The remote client is Win 2k pro. It is a laptop that is already joined to the domain I am trying to contact.

What am I doing wrong?

Thanks

 

[bugz1]

Hey i just had the same problem with the client not being able to map the network drive. did you check if both client for ms networks and file and printer sharing is checked? other then that you did all what i tried and i got mine working

let me know if that dosnt work

Justin

 

[DannyDS]

Thanks Bugz1,

I'm at work now so I will have to check when I get home.

Last night, doing some testing, I found out this.
First there are 4 servers behind the firewall.
Server1, Server2, Server3, and server4.

From the client laptop I can ping All of them by IP address and get a reply.
Pinging by name results in,
Unknown host for server1
Reply from server2
Times out for server3
and unknown host for server4.

Using VNC I can only connect to server2 through the VPN tunnel. All the other servers I get a can't find host message. BUT when I put the IP address of the DNS servers on my domain (server1 and server2) I can connect to ALL the servers using VNC through the tunnel.
BUT I still can not map a drive.

Thanks

 

[sydlow]

Danny

I would first be concerned with the fact that you can't map a share using an IP address. I would tshoot this first and then worry about the WINS. This might be as simple as bugz1's tip on you not having file sharing enabled. I will check for your reply on this and go from there.

You might want to try using a packet sniffer like Ethereal (It's free and fairly simple to use). Just make sure you sniff your VPN adapter and not your NIC or dial up adapter.

 

[ChicagoTechNet]

quoted form

http://www25.brinkster.com/chicagotech/

VPN clients can't browse remote computers in Network Neighborhood/My Network Places

Symptoms: 1) When using VPN to browse the network or a specific server, you may receive the message System error 53 has occurred. The network path was not found. 2) The VPN clients can't browse remote computers in in Network Neighborhood/My Network Places

Resolutions: Inability to browse often means the client can't resolve NetBIOS names. 1) Make sure the client has correct DNS, WINS Master Browser settings. 2) Make sure the default gateway points to the remote network rather than to the ISP. 3) By default, most routers and firewalls prevent the transmission of NetBIOS names unless you enable UDP ports 137 and 138 and TCP port 139. 4) Some ISP might block ports required for NetBIOS name broadcasts. 5) If WINS address is not distributed upon connection to VPN, LMHOSTS should be
configured to enable Domain to be located. 6) If you try these techniques and the client still can't browse, try to use UNC to connect to the remote LAN, for example, use the net use h: \\servername\sharename command.

Robert, MS-MVP & MCSE

http://www25.brinkster.com/chicagotech/

 

[sydlow]

In responce to blin2000.....DannyDS is not trying to browse the network neighborhood. He is simply trying to map a drive. If he cant do it by IP address than he more than likely wont be able to do it via WINS name. He needs to tshoot is IP conectivity first. Also....he only needs to worry about a router blocking netbios if its behind the netscreen. But he will want to make sure the Netscreen is not blocking things. (I.E. Netbios) Any hops (routers) he goes over on the VPN will be transperent. NETBIOS should be encapsulated within the VPN traffic.

 

[DannyDS]

Thanks for the info.
It seems MSN is blocking at least ports 135, 137, 138, and 139. They are working to upgrade their modems to not block these ports later on this Month.

I guess I will have to go with lmhosts files for now.

Thanks.