I am having problems getting browsing to work through my VPN tunnel. I am using a 3005 running 3.5, I am using the 3.03-b-k9 client on my system. The problem is this, I log onto the VPN, everything goes fine, but I can't browse network neighborhood. I can do a \\hostname or \\ipaddress and get to the computer I want to access, but there is no browse list. Has anyone had this issue? is it correctable? Or is this just a case of netbios not working with the implementation? Thanks in advance for any help.
I'm having the same problem.
I'm using cisco 1751 with IOS 12.2.8T and VPN Client 3.5.1 . I can ping all the LAN (it's on a different subnet also) and I can also BROWSE the machine by IP with \\ipaddress or if i setup an HOST file i can also do it by name but my W2000 client does not seem to use the WINS set up! It is registered on the WINS and the LAN can ping it by netbios name. but he's not taking info from the wins.
May be your problem is on Access List on the interfaces. Try to diasble all ACL on WAN an LAN interfaces.
Let me know.
The access-lists won't matter, the packet goes through the public access-list before it's decrypted, so all the public interface sees is ipsec through a tunnel that allows all established vpn traffic through. And I have no access list on the inside interface so the traffic isn't getting stopped on the way out either. As you said, the box register itself in WINS and can ping by netbios name, but you just can't browse.
How long are you waiting before you see the browse lists? If this is a Microsoft OS make sure that "client for Microsoft Networks" and "File and Print sharing" are turned on.
I have waited for as long as an hour. I would expect everything to come up in around 15 minutes. They are Microsoft OS, a collection of clients, 98, Win2k and WinXP. If I plug the box into the LAN I can browse fine which leads me away from a client misconfiguration issue. Today I tried hardcoding the WINS server from the LAN into the remote computer with no success. FYI the LAN is a flat network.
Sorry about that, yes File and Print sharing is turned on. When the client is on the actual network it works fine, I can see everything.
Since the remote clients are coming up without the network connection established, they are probably taking on the "Master Browser" role. Have you tried disabling this?
Good thought, I have tried it with the browser service set for off, participate in browser elections and always assume master browser status. Still dosent work. The curious thing is you can see the master browser using browser monitor from the Win2k Resource kit.
Is this a native AD or an NT domain. If it is a native AD, turn on use Wins for DNS on the domain controller. Are the VPN clients being assigned an address range the same as the inside hosts/master browser? If not, what if the clients lie on the same subnet. The vpn clients should not be set as master browser or even backup browser, you set this on the machine on the internal lan.
Guess I'm a little confused here. Deciding to use WINS or DNS is a client choice isn't it? No matter what I set the resolver to on the DC if the client is Win98 it will act differently then say WinXP. Or am I talking about something completly different here? As for the second question, I misspoke earlier, I have a a client subnet, a server subnet and a vpn subnet, I have placed a box on the vpn subnet that has the master browser switch in the registry to always on, when you vpn in and use broswer monitor from the Win2k resource kit you see it listed as the master browser for the subnet, you check WINS and it has the appropriate listing there as well. Im about to forget about this and flatten the vpn subnet into the client subnet and cure my problem the old fashioned way.
My two cents, first of all make sure that your WINS or DNS(if its Win2K environment) are working properly at the central site. Secondly the machine through which you are connecting to central site must have the same DOMAIN name as of the central site. It seems absurd but it works.
What is the remote client, and is the same type on the internal network? All NT or all 98 will (or used to) work differently than a network with mixed types; and you may end up using a browse master with incompatible type or incomplete list.
We are having a similar issue. We have W2K Server and we're authenticating against the Active Directory using the IAS in Win2K. We're using the new vpnclient-win-3.5.1.B-k9.
The VPN is working great. We can connect to the LAN and surf to internal IIS servers. We can do a 'net send' to all computers internally and even run Terminal Services on any of our Win2K servers.
So what's the problem? We are having sporadic results in browsing the network. We get only the client listed in the Network Neighborhood. When we type in the UNC 'SOMETIMES' it will do type ahead prediction on the share, ie it's connected and got a list of avilable shares. Mostly, though, it just sits there for ages and times out.
When we click on the VPN Dialer icon in the system tray it reports the correct IP as being from a different network (172.16.128.x for internal and 172.16.129.x for VPN). It says that LAN access is disabled even though the check box is clicked in the properties and we even tried it without the check box, but it doesn't seem to matter.