VPN Connections

[cartman101]

I have set up a VPN connection from a remote office to our main server using 2 Cisco PIX501 firewalls. I have established a tunnel between the two firewalls and can ping from one network to the other using both IP address and computer name.

However I cannot connect to any networked shared drives or printers.

The IP address range of the main network is 10.2.5.xxx,
and the IP address range of the remote network is 10.2.10.xxx.

I have set up the 2k3 server as a DNS and a WINS server, but without any success.

Any help solving this problem would be appreciated.

Thanks
Mike

[natcom]

Try this: map a drive to a share you know you have access to.

For instance - if 192.168.2.110 is a server and it has a share called "open" then do this at a command line:

net use G: \\192.168.2.110\open

Note, you must have permissions to the share to do this. Another option is to do a net view

C:\WINDOWS>net view /?
The syntax of this command is:

NET VIEW
[\\computername [/CACHE] | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername

[silencio]

Where does the DNS/WINS server sit? Does it have entries for one network or both?

[cartman101]

natcom,

Thanks for your assistance, if I enter the command line
net use G: \\10.2.5.5\public
ehere 10.2.5.5 is the IP address of the server and public is a directory which has open access to all users.

I get the responce "System error 53 has occured. Network pathe not found"

If i enter the command
net view \\jsi /domain:jsiuk
where jsi id the name of the server and jsiuk is the domain name i get the same responce as above.

silencio,

Thanks for your assistance also.
The DNS/WINS server is located at the main office, at the remote office the PIX firewall acts as a DHCP server to issue IP addresses (as recommended by Cisco), and this points to the main server as DNS and WINS server.

The DNS entries in the main server do not include anything for the remote network, I would appreciate any advice on including this.

The WINS includes static entries for the remote PC's (Obviously not suitable for DHPC assigned IP addresses, but this will be resolved after we gain acces to the main network.


Thankyou both again for trying to help, any further assistance is greatly appreciated.

Regards

Mike

[natcom]

natcom


Thanks for your assistance, if I enter the command line
net use G: \\10.2.5.5\public
ehere 10.2.5.5 is the IP address of the server and public is a directory which has open access to all users.

I get the responce "System error 53 has occured. Network pathe not found"

If i enter the command
net view \\jsi /domain:jsiuk
where jsi id the name of the server and jsiuk is the domain name i get the same responce as above.

silencio,

Thanks for your assistance also.
The DNS/WINS server is located at the main office, at the remote office the PIX firewall acts as a DHCP server to issue IP addresses (as recommended by Cisco), and this points to the main server as DNS and WINS server.

The DNS entries in the main server do not include anything for the remote network, I would appreciate any advice on including this.

The WINS includes static entries for the remote PC's (Obviously not suitable for DHPC assigned IP addresses, but this will be resolved after we gain acces to the main network.


Thankyou both again for trying to help, any further assistance is greatly appreciated.

Regards

Mike

Error 53 is a Name Resolution error

Can you put an LMHOSTS file in the DOS Partition?

Add the server you want to connect to to the LMHOSTS File and try it again

[cartman101]

natcom

Thanks again for the assistance.

I do not have a DOS partition on the remote computer (Running XP from NTFS partition)
I have a LMHOST file specified on the remote PC, it is located in the WINDOWS/System32/Drivers/etc

This file contains the following line
JSIUK [1Bh] Domain Master Browser 10.2.5.5 Active 10.2.5.5 17 20/06/2004 11:17:34

I think that the SRV part of the DNS may not be working, can this be easily "switched on".

Further help appreciated.

Regards

Mike

[natcom]

Hi mike on the remote machine run Net diag tell me what you get

You need to install net diag from the windows xp cd run setup from the support directory

[cartman101]

natcom,

Thanks again for your assistance.

Outout from netdiag:-

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: VPNTEST
DNS Host Name: VPNTest.jsiuk.local
System info : Windows 2000 Professional (Build 2600)
Processor : x86 Family 6 Model 6 Stepping 2, AuthenticAMD
List of installed hotfixes :
KB821557
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826939
KB828028
KB828035
KB828741
KB835732
KB837001
KB839643
KB840374
Q147222
Q308387
Q309521
Q311889
Q311967
Q312368
Q313450
Q314862
Q315000
Q315403
Q317277
Q318138
Q319580
Q323172
Q323255
Q324096
Q324380
Q326830
Q328310
Q328940
Q329048
Q329115
Q329170
Q329390
Q329441
Q329834
Q331953
Q810565
Q810577
Q810833
Q811493
Q811630
Q814033
Q815021
Q817287
Q817606
Q819696
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : VPNTest.JSIUK.LOCAL
IP Address . . . . . . . . : 10.2.10.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.2.10.1
Primary WINS Server. . . . : 10.2.5.5
Dns Servers. . . . . . . . : 10.2.5.5
212.23.8.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 0008024cac5b
Frame type . . . . . . : 802.2



Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000001
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000001
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : acec20524153
Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0A74C3B5-69B1-495D-9CBD-EDFAFF15D6B4}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0A74C3B5-69B1-495D-9CBD-EDFAFF15D6B4}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0A74C3B5-69B1-495D-9CBD-EDFAFF15D6B4}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\\JSIUK*\MAILSLOT\NET\NETLOGON' via
redir. [ERROR_BAD_NETPATH]


DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'JSIUK'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
'JSIUK': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Failed
'JSIUK': Cannot find DC to get DC list from [test skipped].
[FATAL] Secure channel to domain 'JSIUK' is broken. [ERROR_NO_LOGON_SERVERS]



Kerberos test. . . . . . . . . . . : Skipped
'JSIUK': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain 'JSIUK'. [ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information


The command completed successfully



Regards

Mike

[natcom]

natcom,

Thanks again for your assistance.

Outout from netdiag:-

C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: VPNTEST
DNS Host Name: VPNTest.jsiuk.local
System info : Windows 2000 Professional (Build 2600)
Processor : x86 Family 6 Model 6 Stepping 2, AuthenticAMD
List of installed hotfixes :
KB821557
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826939
KB828028
KB828035
KB828741
KB835732
KB837001
KB839643
KB840374
Q147222
Q308387
Q309521
Q311889
Q311967
Q312368
Q313450
Q314862
Q315000
Q315403
Q317277
Q318138
Q319580
Q323172
Q323255
Q324096
Q324380
Q326830
Q328310
Q328940
Q329048
Q329115
Q329170
Q329390
Q329441
Q329834
Q331953
Q810565
Q810577
Q810833
Q811493
Q811630
Q814033
Q815021
Q817287
Q817606
Q819696
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : VPNTest.JSIUK.LOCAL
IP Address . . . . . . . . : 10.2.10.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.2.10.1
Primary WINS Server. . . . : 10.2.5.5
Dns Servers. . . . . . . . : 10.2.5.5
212.23.8.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Failed
The test failed. We were unable to query the WINS servers.

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 0008024cac5b
Frame type . . . . . . : 802.2



Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000001
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000001
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : acec20524153
Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0A74C3B5-69B1-495D-9CBD-EDFAFF15D6B4}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0A74C3B5-69B1-495D-9CBD-EDFAFF15D6B4}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0A74C3B5-69B1-495D-9CBD-EDFAFF15D6B4}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\\JSIUK*\MAILSLOT\NET\NETLOGON' via
redir. [ERROR_BAD_NETPATH]


DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'JSIUK'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
'JSIUK': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Failed
'JSIUK': Cannot find DC to get DC list from [test skipped].
[FATAL] Secure channel to domain 'JSIUK' is broken. [ERROR_NO_LOGON_SERVERS]



Kerberos test. . . . . . . . . . . : Skipped
'JSIUK': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain 'JSIUK'. [ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information


The command completed successfully



Regards

Mike

You will need either WINS on the server, or an LMHOSTS file on the workstation.
Also, make sure the remote PC is in the same WORKGROUP as the office network...
if you want to setup WINS read below

1) Setting up WINS involves loading the WINS server on one of your servers. Once loaded you need to specify the IP address of the WINS server on each client. You should also configure the WINS server as a client of WINS, in case you need to use other resources on this server. On the remote network, the routing must be set up to get to your network.
If you want to use lmhosts, then look at the sample file provided. It's called lmhosts.sam. Basically you provide IP to netbios name resolution here. Use #PRE and #DOM:domainname switches for servers and domain controllers. Remember that these switches are cse-sensitive. All workstation will need this file and the file name must be lmhosts. There is no extension to this name. Look at the sample file,

I personally think your best option will be the LMHOSTS file

http://www.realcomputerguy.com/lmhosts.htm
http://support.microsoft.com/default...b;en-us;314884

i hope this help

[cartman101]

The continued help is appreciated

I have entered a lmhosts file on the remote PC and the Server.

Remote PC (10.2.10.3)

10.2.5.5 jsi #PRE #DOM:JSIUK.LOCAL
10.2.5.131 mike #PRE

Server (10.2.5.5)

10.2.5.5 jsi #PRE #DOM:JSIUK.LOCAL
10.2.10.3 VPNTest #PRE

I am still unable to access the network drives.

Further information, I tried to reconnect to the the Domain using the System icon in the Control Pannel - Computer Name tab.

Network ID, This computer is part of a business network,.... My company uses a network with a domain.

Entered user name password and domain (JSIUK.LOCAL)
Entered Computer name and domain (JSIUK.LOCAL)

andreceived the following in the details section of the error report:-



The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain JSIUK.LOCAL:

The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)

The query was for the SRV record for _ldap._tcp.dc._msdcs.JSIUK.LOCAL

The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:

10.2.5.5

Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.

For more information on how to correct this problem, click Help.




Thanks again for your continued assisance

Mike