Site 2 Site VPN support WINS?

Currently, I have a Cisco 506e PIX and a Linksys VPN end-point router connected. I have NetBIOS Broadcast enabled on the Linksys, but I am not able to use "\\workstation1" to access the remote computer. But if I use the actual IP address of that workstation, it is OK ("\\192.168.1.100").

Does WINS work on a site-to-site VPN setup?

Reply to
Latest News

In article , Latest News wrote:
:Currently, I have Cisco 506e PIX and a Linksys VPN end-point router
:connected. I have NetBIOS Broadcast enabled on the Linksys, but not

That option is Linksys specific and not generally supported on other devices.

:able to use "\\workstation1" to access remote computer. But if I use
:the actually IP address of that workstation, it is ok
:("\\192.168.1.100").

:Does WINS work on a site-to-site VPN setup?

WINS does, yes, but the NETBIOS option is there to allow hosts to avoid having to have a WINS server configured. I gather that the option causes NETBIOS broadcasts to be forwarded through the VPN; normally broadcast packets are not forwarded. -Probably- the PIX is discarding the packet when it sees the destination IP is a broadcast IP.

Reply to
Walter Roberson

The Linksys NETBIOS broadcast option does exactly what Walter indicated. NETBIOS broadcasts are sent over the VPN tunnel to another Linksys. The PIX does not support this behaviour. You MIGHT be able to accomplish this with an IOS-based router by configuring an ip helper-address with the far-end LAN segment directed broadcast address.

Reply to
Merv

If I'm reading this correctly, you've configured a LAN-to-LAN VPN tunnel? Have you considered setting up VPN groups on the PIX and using the Cisco client to connect? It will allow you to assign WINS servers with your group assignments on the PIX, giving you access to the NetBIOS resources. HTH

Robert

Reply to
Robert

We have some remote users using Cisco VPN Clients. But this particular site has 2 computers with a router. And the router only allows 1 IPSEC pass-through at one time. This is the reason for the site 2 site. Luckily, the router is a Linksys VPN end-point.

The only other problem is, since the router uses a dynamic public IP, how to configure the PIX to accept the router but disregard what IP it is using.

Latest

Reply to
Latest News

I think I might have to use the crypto dynamic-map way, because I forgot to mention that the office has a hardware IP phone (Nortel i2004). The phone has only limited configuration. So the router needs to do the VPN connection for it.

Reply to
Latest News

In article , Latest News wrote:
:We have some remote users using Cisco VPN Clients. But this particular
:site has 2 computers with router. And the router only allows 1 IPSEC
:pass-through at one time.

Turn on isakmp nat-traversal 20 on the PIX and you will be able to have several VPN clients simultaneously.

:The only other problem is since the router uses a dynamic public IP,
:how to configure PIX to accept router but disregard what IP it is
:using.

You don't really want to do that as stated.

To allow connection from dynamic IP'd hosts to the PIX via IPSec, either go the vpngroup route, or else configure a crypto dynamic-map and inject that into your current crypto-map. See the PIX reference manual for more information.

Reply to
Walter Roberson
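
A sketch of the crypto dynamic-map approach described in the post above, in PIX OS 6.x syntax. This is an added example, not a configuration posted by anyone in the thread. The subnets, the ACL, transform-set and map names, and the key placeholder are assumptions, and it presumes the ISAKMP policy and NAT exemption from the existing tunnel are already in place.

```text
: Constructed example. Assumed addressing (not from the thread):
:   PIX inside LAN   10.10.10.0/24
:   Linksys LAN      10.20.20.0/24

: Only accept tunnels whose protected networks are exactly these two LANs,
: so a peer that learns the key cannot negotiate for arbitrary subnets.
access-list linksys-lan permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

: The peer address is unknown in advance, so the pre-shared key has to be
: a wildcard entry. Every peer without a more specific key shares it:
: use a long random value and do not reuse it anywhere else.
isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 0.0.0.0 netmask 0.0.0.0
isakmp identity address

: From the post above: NAT traversal with a 20 second keepalive.
isakmp nat-traversal 20

: Phase 2 proposal; the Linksys must be configured to match it.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

: Dynamic map entry: no "set peer", because the Linksys address changes.
crypto dynamic-map DYN-LINKSYS 10 match address linksys-lan
crypto dynamic-map DYN-LINKSYS 10 set transform-set ESP-3DES-SHA

: Reference the dynamic map from the crypto map already bound to the outside
: interface (replace OUTSIDE-MAP with that map's real name). Use the highest
: sequence number so entries for static peers are evaluated first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-LINKSYS
crypto map OUTSIDE-MAP interface outside
```

With a dynamic map the PIX cannot initiate the tunnel, because it has no peer address to dial; the Linksys side has to bring it up.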

If you only have two computers at the remote site (assuming this is the site with the Linksys), then just set up an LMHOSTS file for the NETBIOS resources they need to access. That way you do not have to modify your VPN setup at all ...

Reply to
Merv
