I can reach with IP but not with names through my VPN. Help!


Rolf Edberg

I want to connect a branch-office to ours through a VPN-connection with a
Juniper-router/firewall on both sides. The VPN-connection is working, so I can
access the router on the other side with a local IP (192.168.1.254) and I can
reach the server and the clients' IP-addresses through tracert. (On our side
we use 192.168.0.254 to reach our router.)

But I cannot reach them with their names. Therefore it is not possible to
set up a trust between my old win2000-domain and the new branch-office-domain
with win2003. I can manage the remote win2003-server with real-VNC and the
clients on the other side but nothing more. What shall I do?

Is it DNS (where)? Is it a port in the Juniper that has to be opened or
something else in the routers? WINS is installed on both servers.

Please help!!



Rolf Edberg
 
quoted from http://www.ChicagoTech.net
Unable to browse through PPTP/VPN connection
Symptoms:
1. If the WINS server is on the same computer as the PPTP/VPN server, and
you attempt to connect to a computer using a PPTP/VPN client, you may
experience the following problems: 1) The NetBIOS name of the computer to
which you are attempting to connect is not resolved. 2) You may receive an
error message similar to the following error message: "System error 53 has
occurred. The network path was not found" when using net view or opening
Network Neighborhood.
2. If the WINS server is not on the same computer as the PPTP server and you
attempt to connect to a computer using a PPTP client, you may be able to
connect to computers on your local area network (LAN), but you may be unable
to connect to network shares or resources on the PPTP server.
Resolutions:
Inability to browse often means the client can't resolve NetBIOS names.
1. If this is a workgroup network, enable NetBIOS over TCP/IP on the server
and clients.
2. If this is domain network and the WINS server is on the same computer as
the PPTP/VPN server, move the WINS server to a different computer.
3. Add the NetBEUI protocol for your PPTP tunnel instead of, or in addition
to, TCP/IP.
4. By default, most routers and firewalls prevent the transmission of
NetBIOS names unless you enable UDP ports 137 and 138 and TCP port 139. Try
to enable UDP ports 137 and 138 and TCP port 139 across all routers and
firewalls between the PPTP/VPN client and PPTP/VPN server.
5. Make sure the client has correct DNS, WINS and Master Browser settings.
6. Make sure the default gateway points to the remote network rather than to
the ISP.
7. Some ISPs might block ports required for NetBIOS name broadcasts.
8. If the WINS address is not distributed upon connection to the VPN, LMHOSTS
should be configured to enable the domain to be located.
9. If you try these techniques and the client still can't browse, try to use
UNC to connect to the remote resources by IP, for example, use the net use
h: \\serverip\sharename command.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
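
Added example (not part of the posts in this thread or of the ChicagoTech text): resolution 8 above falls back to LMHOSTS, so this Python check validates an LMHOSTS file before it is copied to VPN clients, flagging bad addresses, NetBIOS names over 15 characters, and #DOM: entries that lack #PRE. The host and domain names and the sample file are constructed; quoted names with \0xNN suffixes and #INCLUDE blocks are not handled.

```python
import ipaddress

# Constructed sample: host and domain names are hypothetical; the addresses
# sit in the branch-office subnet (192.168.1.x) mentioned in the thread.
SAMPLE = """\
# branch office, reached through the VPN tunnel
192.168.1.10   BRANCHDC01            #PRE #DOM:BRANCH
192.168.1.20   FILESERVER-BRANCH-01  #PRE
192.168.1.300  BADADDR               #PRE
192.168.1.30   BRANCHDC02            #DOM:BRANCH
"""

def lint_lmhosts(text):
    """Return (entries, problems); problems are (line_number, message)."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or block directive (not handled)
        fields = line.split()
        if len(fields) < 2:
            problems.append((lineno, "expected: <IP> <NAME> [#PRE] [#DOM:domain]"))
            continue
        addr, name, flags = fields[0], fields[1], []
        for tok in fields[2:]:
            if tok == "#PRE" or tok.startswith("#DOM:"):
                flags.append(tok)      # keywords matched in upper case only
            elif tok.startswith("#"):
                break                  # any other '#' starts a trailing comment
        domain = next((f[5:] for f in flags if f.startswith("#DOM:")), None)
        errs = []
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            errs.append(f"invalid IPv4 address {addr!r}")
        if len(name) > 15:             # 16th NetBIOS byte is the service suffix
            errs.append(f"name {name!r} is longer than 15 characters")
        if domain == "":
            errs.append("#DOM: is missing the domain name")
        if domain is not None and "#PRE" not in flags:
            errs.append("#DOM: entry without #PRE is not preloaded")
        if errs:
            problems.extend((lineno, e) for e in errs)
        else:
            entries.append({"ip": addr, "name": name.upper(),
                            "preload": "#PRE" in flags, "domain": domain})
    return entries, problems
```

LMHOSTS mappings are static, so the file has to be re-checked and redistributed whenever a listed server changes address.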
 
Thanks!
Questions:
1. Shall I install the WINS-server on a client on both sides? The W2k-server
on our side has a WINS and the w2003-server on the other side has a WINS.
4. The VPN-line is configured so that the connection between the two nets is
trusted. Do the Juniper-routers block the UDP and TCP ports anyway?
Shall the branch-office server DNS forward to the main-office (192.168.0.1)?
In the routers only the one on my side has an external DNS.
5. What are the Master Browser settings?
6. Default gateway where in the remote network? From the branch-office to
main-office at the server?
Thanks!!!
Rolf
 
You say that you have WINS servers installed in both sites. Have you set
them up to replicate? You really need a network-wide WINS system, not two
LAN-wide WINS systems.

What about DNS? Are the two sites aware of each other? A common
practice is to make each DNS server a secondary for the other. Any DNS
request for a machine in either site can then be resolved locally.
 
I had not set WINS to replicate. Now I have. Shall I start push or pull or
shall I leave it as default(push/pull) on both servers?

The second DNS is now the other server on both sides. What shall it be in
the primary DNS in the main-office-server, in the branch-office-server
and in the Juniper-routers on both sides?

Rolf
 
That isn't really what I meant about DNS. What you should do is make a
secondary zone on each DNS server, which is a secondary to the primary zone
in the other site. The secondary is a copy of the primary at the other
site. This means that each DNS server can resolve the names for either site.


Rolf Edberg said:
I had not set WINS to replicate. Now I have. Shall I start push or pull or
shall I leave it as default(push/pull) on both servers?

The second DNS is now the other server on both sides. What shall it be in
the primary DNS in the main-office-server, in the branch-office-server
and in the Juniper-routers on both sides?

Rolf


Bill Grant said:
You say that you have WINS servers installed in both sites. Have you
set them up to replicate? You really need a network-wide WINS system, not
two LAN-wide WINS systems.

What about DNS? Are the two sites aware of each other? A common
practice is to make each DNS server a secondary for the other. Any DNS
request for a machine in either site can then be resolved locally.

 
Hey guys, was reading thru all your posts, the info from Chicago tech helped,
thanks, I have opted to use a lmhosts file. After I updated the client
trying to connect via the vpn with the lmhosts file, I was able to use UNC
paths and shares from the host network.
pb



 