VPN and remote network (share) access

[Guest]

I am having trouble with a new XP-based laptop not being able to access
shared files on our network via our VPN.

Here are the details:
Corporate Server is running Windows 2003
All other local and remote desktops and laptops are running Windows 2000.
We use no-ip.com to manage the IP address for the VPN server.
We use a Netgear FVl328 VPN/Firewall/Router.

At the remote site, we have a Windows 2K PC, the new XP laptop, cable model
and a Linksys wireless router. THE 2K PC CAN CONNECT TO THE VPN AND THE
NETWORK RESOURCES JUST FINE. The XP machine connects to the VPN but when it
tries to access the shared files from the server it gets the message
(eventually):
"\\servername\share is not accessible. You might not have permission to use
this network resource. Contact the administrator of this server to find out
if you have access permissions. The network path was not found."

Note that I am using the same account to log in on the 2K and XP machines.

Here are some things I have tried:
Turned off the Windows firewall (so that both machines have same protection)
Edited the lmhosts file to include the server (which is also the domain
controller).
Used nbtstat to see if I can replicate at least some of the results I get on
the 2K machine. E.g. if I do nbtstat -s while I am waiting for the attempt
to access the network files to fail, I do get a state of Connecting to the
correct remote host.
Both net view \\remoteip and net view \\remotepcIP return System error 53.
Trying to force a connection with net use F: \\ipaddress\share using the
ipaddress from the VPN Details returns System error 53.

Basically, what got messed up in XP (or maybe made stricter?) that is
causing this problem?

Thanks for any help you can provide.

 

[Guest]

Some more details that might help:
I do have NetBios over TCP/IP checked
We are using a point to point tunnel over the Internet

 

[Guest]

Firewall rules on the server or client are the most likely. Remeber that VPN
needs a port forwarded to the server (1723) and a special protocol (47) -it's
the protocol that usually gets overlooked.

HST, I'm amazed that anyone would try to use VPN witha dynamic IP - it would
be far preferable to have static IPs at BOTH ends, particulalry as that would
allow for firewall-rules giving much better security. One of the concerns
with VPN is that if a user has access, they have full access, same as in the
office, and you cannot restrict that access to say, readonly. Thus you need
to be very careful about intrusion risks, and it would be better to restrict
its use to specified client IPs.

After evaluating this situation and deciding the risks were too great, we
went with the Filezilla secure FTP client instead for the handfiul of roaming
users that need IP-unrestricted access. Might not suit your needs, but it
allows far better control over security, as a user doesn't HAVE to have
write-access to everything they do in the office.

 

[Guest]

Ian,
Thanks for your comment but remember I already have a number of workstations
that run Windows 2000 and connect to the VPN just fine (so its not a server
issue) and I am still unable to connect from the XP machine even if I turn
off the local PC firewall (so it is not a client issues). Another machine
using the same router to the cable modem (and therefore using the same
firewall through the ISP) running Windows 2000 also connects just fine.

Regarding your concerns via the dynamic IP - we have only a few users that
need access and we are able to both protect other networks and shares from
any access, so it works great for us.