OK, heres a case i just had that may explain why (if you haven't already worked it out) NET USE did/does not work :
Customer has a Sonicwall terminating some Sonicwall home workplaces using ADSL and also terminating some dial-in VPN clients at the GroupVPN SA. Also has a Cisco router, routing to another local site (no VPN). The Cisco router is the default gateway for all servers and PC's, and has routes to the remote Sonicwall home workplace subnets. Now think of this : What happens when a VPN client connects ? It get's an unnumbered IP from the main Sonicwal's LAN IP through the GroupVPN SA. Meaning that PING works fine. But when trying to do a NET USE \\... this is a broadcast, and broadcasts are only propagated through VPN tunnels and although the VPN Client is on a VPN tunnel, it does not have its own IP subnet. Meaning, that the NET USE broadcast is dropped when reaching the Sonicwall's LAN because the Sonicwall sees the broadcast as coming from the same LAN subnet as itself. Solution : use an internal IP address in each VPN client. Found under My Identity in the Sonicwall VPN Client policy editor. Remember to add an extra route to the VPN Client internal IP network on the default gateway. /jesper -----Original Message----- From: John Tolmachoff [mailto:[EMAIL PROTECTED]] Sent: 28. august 2002 17:40 To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- VPN Client [WINS WAS NOT THE ANSWER] OK, because if they had joined the domain, Client for Microsoft Networks would have been automatically enabled. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dude, Curtis Sent: Wednesday, August 28, 2002 7:52 AM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- VPN Client [WINS WAS NOT THE ANSWER] No they are not, at least not through the VPN. They may be part of a domain at the local network they are at. They do however use a local Username and password to get into the shared folder. I actually do this in a batch file for them. I map a drive using NET USE -Curtis > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of John Tolmachoff > Sent: Wednesday, August 28, 2002 10:29 AM > To: [EMAIL PROTECTED] > Subject: RE: [SonicWALL]- VPN Client [WINS WAS NOT THE ANSWER] > > > >I did manage to fix the problem on my own. I simply had to enable > "Client > for Microsoft Networks" on my dial-up adapter. I don't remember having > to do > this in the past on NT Workstation, but maybe the "Upgrade" to Win2k and > WinXP has changed things. > > That fix makes sense, as file sharing is not available until Client for > Microsoft Networks is in use. > > Just curious, are the W2K and WinXP computers joined to a domain? My > guess is they are not. > > John Tolmachoff > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of Dude, Curtis > Sent: Wednesday, August 28, 2002 7:05 AM > To: [EMAIL PROTECTED] > Subject: RE: [SonicWALL]- VPN Client [WINS WAS NOT THE ANSWER] > > Okay, since everyone that responded said USE WINS, I gave it a try. It > did > not change a darn thing. I have never used WINS in the past, and I will > probably never use WINS in my whole life. All WINS does is match a > computer > name to an IP where it cannot be done normally. That's not what I > needed. I > needed to get to a share on a centrally located server, and even using > the > actual IP was still not working ( \\10.0.10.2\sharename ) Thanks for the > suggestion anyway. > > I did manage to fix the problem on my own. I simply had to enable > "Client > for Microsoft Networks" on my dial-up adapter. I don't remember having > to do > this in the past on NT Workstation, but maybe the "Upgrade" to Win2k and > WinXP has changed things. > > Thanks > > -Curtis > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > > Behalf Of Dude, Curtis > > Sent: Monday, August 26, 2002 11:46 AM > > To: 'sonicwall@peake. com' > > Subject: [SonicWALL]- VPN Client > > > > > > I have a Soncwall Pro 300 and I have about 12 remote users that > > need access > > to one shared folder on my network. Before I bought the Pro 300 I had > a > > SOHO/10 that had the VPN upgrade, which I tested access to this > folder. I > > was using NT server to share the folder on the LAN, and NT > > workstation from > > my house to gain access to this folder through the Sonicwall VPN > > Client. It > > worked perfect, so I later bought the Pro 300 to do this for the 12 > folks > > that need it. Well I can't really get it working anymore. Really > > the best I > > can do is Get VPN access to services, like DNS, and WEB port 80 > (access to > > the PRIVATE IPs). I can't get to a shared folder. It'really > > weird. Why can I > > ping private IPs on the LAN, but not be able to get to a shared folder > on > > the privatre IP "CANNOT BE FOUND"? EXAMPLE \\10.0.11.2\sharename\ > > > > The server trying to share the folder is still running NT server, and > most > > of the users are using Win2K or XP at this point. Anyone have > > this working? > > HELP!! > > > > -Curtis > > > > --- > > [This E-mail scanned for viruses by Declude/F-Prot AV] > > > > ================================================================== > > ================================= > > To unsubscribe, send email to [EMAIL PROTECTED] In the body of > > the email put the following: unsubscribe sonicwall your_name > > The archive of this list is at > > http://www.mail-archive.com/sonicwall%40peake.com/ > > > > > > > > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > ======================================================================== > =========================== > To unsubscribe, send email to [EMAIL PROTECTED] In the body of the > email put the following: unsubscribe sonicwall your_name > The archive of this list is at > http://www.mail-archive.com/sonicwall%40peake.com/ > > > > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > ================================================================== > ================================= > To unsubscribe, send email to [EMAIL PROTECTED] In the body of > the email put the following: unsubscribe sonicwall your_name > The archive of this list is at > http://www.mail-archive.com/sonicwall%40peake.com/ > > > --- [This E-mail scanned for viruses by Declude/F-Prot AV] ======================================================================== =========================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] ======================================================================== =========================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] ==================================================================================================To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
