Just tell your user community that it's a security issue. After all what are they doing browsing the domains and workgroups anyway?
As long as "net use" works successfully (especially by computer name and not IP address) I don't really see an issue. It seems to me to be an education issue with management that browsing is important. So... how are your political workplace skills? Marc > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 11:54 AM > To: [EMAIL PROTECTED] > Subject: Re: VPN issue > > > 1. NetBEUI is broadcast; NetBIOS is not *necessarily* so. > > 2. Browsing is not really a NetBIOS thing, and (definitely* doesn't > depend on WINS. > > Browsing depends on the client's ability to locate a "browse > master" on the current segment for its domain/workgroup. If it > can't, it will call for an "election" to fill this role. > > My experience with the Altiga/Cisco 30xx VPn boxes was that NT/2000 > clients were able to browse the internal domain after a brief delay. > Windows 9x clients never managed to do this. > > Since Windows 9x *were* able to mount internal shares via the "net > use" command line (which *does* us NetBIOS and WINS), we didn't sweat > the fact that browsing never worked. Since it worked fine for > NT/2000 clients, we assumed the defect was in Win 9x itself and not > in our VPN configuration. > > DG > > > On 22 Jan 2002, at 18:09, Andrew J. Caird wrote: > > > Tim, > > Browsing Windows networks is a NetBIOS function, and that > > is, as I understand it, a broadcast protocol. For VPNs to > > work, your network is different from the other network > > (the office in your case), and broadcasts don't cross > > subnet boundaries unless there is something to help them > > do so. > > > > One option is to put a WINS server in each location, and > > share NetBIOS information between the WINS servers. This > > is probably a bit much for your home. > > > > Another option (and I'm reaching here) is to use what some > > firewalls offer (not sure about Cisco, I think Checkpoint > > does) to solve this problem; you get handed an address > > internal to the network and it does some NAT stuff and it > > looks like you are on the network, and you'll see the > > NetBIOS broadcasts and all will be well. Again, I'm sure > > someone else on this list can expand on/correct these > > statements. > > > > Another option is to use a NetBIOS "helper"; some switches > > have this (which won't help you with your VPN problems, > > but it may clear up the concept for you a little). You > > might look into Samba, who's nmbd can forward WINS > > information across subnets; see in particular the "wins > > server" stanza in the smb.conf file and smb.conf(5) if you > > look at this option. > > > > Hope this helps. > > -- > > Andrew Caird Uniphied Thought > > [EMAIL PROTECTED] 313.550.8408 www.uniphied.com > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
