Local firewall on the machine itself? Do newer versions of the Windows Firewall block accesses from outside their own subnet?
---- Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Bob Hartung <[email protected]<mailto:[email protected]>> Reply-To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Date: Wed, 16 Mar 2011 10:02:38 -0400 To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Subject: RE: R: DNS Issue Thanks. Handy utility. I used NMAP, both on the local LAN and on the remote site. Local PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 7.0 Remote PORT STATE SERVICE VERSION 80/tcp filtered http The help file shows... filtered Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. This is indeterminate but suggests that the firewall may be interfering. Still waiting for the firewall tech support to get back to me. ---------------------- Bob Hartung Wisco Industries, Inc. 736 Janesville St. Oregon, WI 53575 Tel: (608) 835-3106 x215 Fax: (608) 835-7399 e-mail: bhartung(at)wiscoind.com ________________________________ From: Ziots, Edward [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Wed, 16 Mar 2011 07:43:10 -0500 Subject: RE: R: DNS Issue Is you want to see if port 80/433 is open on the end-point device a simple NMAP command will tell you this ( If there is an acl on therouter/VPN) it will show ( Filtered) Nmap –sS –P0 –p 80,443 IP_ADDRESS_OF_Server Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected]<mailto:[email protected]> Cell:401-639-3505 From: Kim Longenbaugh [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, March 15, 2011 11:43 AM To: NT System Admin Issues Subject: RE: R: DNS Issue That verifies routing is good. Check the logs for your VPN device to see what’s happening to the http traffic. It’s likely being dropped or blocked. From: Bob Hartung [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, March 15, 2011 10:39 AM To: NT System Admin Issues Subject: RE: R: DNS Issue Here's a sample trace... C:\>tracert win2k8-1 Tracing route to win2k8-1.wiscoind.local [172.16.1.6] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms InstagateAL.wiscoind.local [172.17.1.2] 2 * * * Request timed out. 3 * * * Request timed out. 4 71 ms 65 ms 65 ms win2k8-1.wiscoind.local [172.16.1.6] ---------------------- Bob Hartung Wisco Industries, Inc. 736 Janesville St. Oregon, WI 53575 Tel: (608) 835-3106 x215 Fax: (608) 835-7399 e-mail: bhartung(at)wiscoind.com ________________________________ From: Cameron Cooper [mailto:[email protected]<mailto:[email protected]>] To: NT System Admin Issues [mailto:[email protected]<mailto:[email protected]>] Sent: Tue, 15 Mar 2011 10:37:01 -0500 Subject: RE: R: DNS Issue Tracert the IP and see where it’s routed. We have a separate LAN that connects via VPN and in order for the PCs to access exchange we placed a persistent route in the route tables that point all email traffic through the VPN. Thank you, _____________________________ Cameron Cooper System Administrator | CompTIA A+ Certified [/webmail/mailAttach/image.cid?folder=&uid=&[email protected]] Phone: 847-890-4021 | Fax: 847-255-1896 [email protected]<mailto:[email protected]> | www.aurico.com From: Bob Hartung [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, March 15, 2011 10:30 AM To: NT System Admin Issues Subject: Re: R: DNS Issue I answered to quick. When you say the routing, I'm not sure what you mean. The webserver's address is resolved through AD. And the individual subnets are sites in AD. ---------------------- Bob Hartung Wisco Industries, Inc. 736 Janesville St. Oregon, WI 53575 Tel: (608) 835-3106 x215 Fax: (608) 835-7399 e-mail: bhartung(at)wiscoind.com ________________________________ From: HELP_PC [mailto:[email protected]<mailto:[email protected]>] To: NT System Admin Issues [mailto:[email protected]<mailto:[email protected]>] Sent: Tue, 15 Mar 2011 10:26:11 -0500 Subject: R: DNS Issue Is the routing distributed by the DHCP server ? GuidoElia HELPPC ________________________________ Da: Bob Hartung [mailto:[email protected]<mailto:[email protected]>] Inviato: martedì 15 marzo 2011 16.19 A: NT System Admin Issues Oggetto: DNS Issue I have two locations connected via VPN. The main location LAN is 172.16.x.x and the remote location is 172.17.x.x. I'd like users on the 172.17.x.x end to access a webserver on the 172.16.x.x end but it doesn't work and I'm not sure why. The users at the 172.17.x.x end have their Win2003 server as their DNS server. I can ping both the webserver's name and IP address from the 172.17.x.x PCswithout problem. The webserver's name resolves to the IP address. All our servers and users are members of a single domain, just on differentsubnets. What am I missing? ---------------------- Bob Hartung Wisco Industries, Inc. 736 Janesville St. Oregon, WI 53575 Tel: (608) 835-3106 x215 Fax: (608) 835-7399 e-mail: bhartung(at)wiscoind.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
