Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
742
Views
0
Helpful
2
Replies

vpn different subnets

alexbak79
Level 1
Level 1

‎06-28-2011 01:51 PM

Hello experts!

I have a problem unsolved over past few weeks regarding cisco easy vpn server. I have a cisco 887 successfully set up acting as vpn server from which my brother connects via client. The question is simple yet very challenging to implent (I suppose) since I have’t got yet a clear answer:

Suppose we have the most simple vpn server configuration and two different networks: 192.168.1.0/24 from my side 192.168.2.0/24 remote (let’s say easy vpn gives 192.168.2.2/32 to remote client). What configuration is needed on the ROUTER! Not on the windows, on the router in order for both of us to see computers AND workgroups (if applicable) on network neighborhood?

Finally on a site to site vpn I had also the same problem: nothing was viewable on network neighborhood, yet connectivity existed between computers.

That’s all. Thank you in advance

PS If I issue the command tracert 192.168.1.2 on windows the name can be resolved..

Labels:
0 Helpful
2 Replies 2

JORGE RODRIGUEZ
Level 10
Level 10

‎07-05-2011 01:50 PM

Hi Alex,

If I recall correctly Windows uses broadcast messaging  using NetBIOS, unfortunately  NetBIOS is not supported over VPN tunnel as it sends broadcasts/multicasts to the network in order to perform the name resolution discovery etc..

You may be able to  workaround this issue  using L2L Vpn, but  you would need to use  GRE  over Ipsec   and forward NetBIOS  protocols   and have GRE   carry  broadcast/multicast  traffic over the Ipsec  tunnel in order  for network neighborhood to work properly.   This implementation is done  by  two routers where the VPN   terminate Ipsec tunnels   such as seeing in  L2L  VPNs , but this is not possible in a  windows ipsec VPN  client to VPN server  scenario that Im aware of .

 

Regards

Jorge Rodriguez
0 Helpful

alexbak79
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-05-2011 05:54 PM

Hello, thanks for reply

As for site to site vpn i mentioned, i applied ipsec over gre using a cisco 887 and an old 877 on the other end. Even though i used mechanisms like ip multicast-routing, ip helper-address, directed broadcasts etc. on both ends on various interfaces (svi vlan, tunnel etc) and even using routing protocols not just static route... still nothing.

I hope you have understood by far that i want both ends seem like one network (no! i don't want my network to be extended)

As for easy vpn server <-> client i did also the same... still nothing but i'm not sure if the above scenario can work using this tecnique :/

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents