Connected over IPSEC - unable to map network drive

mitchen · ‎03-03-2006

We had a remote site with a single PC connected directly to our head office router over ISDN. We were able to map a network drive to this PC without a problem.

We changed to an ADSL connection - which meant, a Cisco 837 router at the remote site building an IPSEC tunnel terminating on our Head office PIX, then routed to the internal head office router. This also meant IP address change for the remote PC.

Everything seemed to work - established connectivity over IPSEC with the remote ADSL.

Established connectivity via ping with the remote office PC's new IP address.

However, when we try to map the network drive, it times out.

I can't see anything on the remote router which would be blocking netbios traffic or anything. So any ideas why this is not working and what I can do to fix it?

On our PIX firewall, I can see TCP connections being built to the remote PC but then torn down with the following message:

2006-03-03 12:29:34 Local4.Info 172.16.10.8 Mar 03 2006 12:27:22: %PIX-6-302014: Teardown TCP connection 903780 for outside:10.10.10.100/3000 to inside:172.96.32.32/1745 duration 0:02:01 bytes 0 SYN Timeout

(Note: actual IP addresses have been changed!)

If anyone has any ideas, please let me know!

Thanks.

jackko · ‎03-04-2006

according to a cisco doco, it states "IPSec does not encapsulate NetBIOS broadcast traffic. A WINS server is required to map a drive on the Microsoft network."

http://www.cisco.com/warp/public/471/vpn-net-hood.html#map

although the doco refers to vpn client, however, i do think this fact applies to your issue as well.

mitchen · ‎03-06-2006

Hi jackko,

thanks for the assistance.

We had already tried giving the remote PC the address of our WINS server (which is at our head office) in it's IP configuration, but this still didn't work.

Is there anything I need to configure in the router itself for using a WINS server? Or is there something else I need to do?

Thanks.

arvindchari · ‎03-06-2006

Rather than specifying the WINS server, you might want to try using a static entry pointing to the ip address of the file server in the lmhosts file

HTH

Please rate posts that help.

Regards

Arvind

mitchen · ‎03-07-2006

Ok, the situation we now have is - on the remote machine, we can successfully map a network drive to servers at our Head Office.

However, we cannot map in the opposite direction.

i.e. from a machine in head office, we want to map a network drive to the remote machine's drive. But this is not working.

Does anyone have any other suggestions?

What could be causing it to work one way and not the other?

matt.witmer · ‎03-24-2006

Are you running DNS? You can try adding VPN clients to a DNS server (statically or dynamically) that syncs with your primary Domain DNS server. DNS in Win2k3 is supposed to work in place of netbios/WINS.

mitchen · ‎03-24-2006

Hi, thanks for the response.

I should have said - we actually managed to resolve this issue.

It seems to have been some strange IOS issue - I changed the IOS on the Cisco 837 router from 12.3(2)XE3 to 12.3(2)XC2 (which is what we had been running at some other sites, where we could map network drives without a problem) and everything immediately sprang into life!

No config was changed so looks like it was some bizarre IOS "quirk" though no idea what!

Thanks to everyone for their assistance on this.