WINS Registration Issue through IPSEC VPN

["VanCleave Phillip G" <Phillip.VanCleave () phs com>]

Users mapping from their VPN client are unable to access Microsoft resource
domain shares. It appears to be a WINS validation issue. The following was
supplied by the engineer working the issue.


What we have identified is that it is a netbios issue that occurs when the
server is asked to map a drive, and it queries WINS to verify the requestor.
When using the VPN, the client registers with WINS but with the actual
address of the workstation, not his NAT'ed address, so when the server
queries WINS, he gets the wrong address for routing back to the client and
as such drops the connection request. We're forced to NAT for obvious
routing reasons and we can't edit the WINS packets from the client prior to
registering, so the next step is to verify server configs to see why some
seem to query WINS and others don't. Another angle is to see if we can stop
the WINS registration process from the remote client. Early tests seem to
indicate that if the client is not registered, the server will respond
correctly to the map request.


Solo


This electronic message transmission, including any attachments, contains information from PacifiCare Health Systems 
Inc. which may be confidential or privileged. The information is intended to be for the use of the individual or entity 
named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the 
contents of this information is prohibited.  

If you have received this electronic transmission in error, please notify the sender immediately by a "reply to sender 
only" message and destroy all electronic and hard copies of the communication, including attachments.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards