Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite
-
@dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
The final challenge hasn't been solved yet. When connected to the remote access VPN, I can access a file share using \\servername\sharename; however, I cannot access the file share using my DFS namespace \\domain.com\shares\sharename. I created our DFS namespace a few years ago when I deployed AD, during my dark ages of not truly knowing what I was doing, so the DFS + VPN issue should likely be another thread.
Likely a DNS issue. How are your VPN users resolving \\servername today? Do you have hosts entries? Or are you pushing DNS entries along with the IP for the VPN connection?
They're getting a DNS server along with the IP when they connect on the VPN. That DNS server is our domain controller. On the client computer, I've also configured a DNS suffix on the VPN's network adapter.
-
So what happens when you ping domain.com?
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
The final challenge hasn't been solved yet. When connected to the remote access VPN, I can access a file share using \\servername\sharename; however, I cannot access the file share using my DFS namespace \\domain.com\shares\sharename. I created our DFS namespace a few years ago when I deployed AD, during my dark ages of not truly knowing what I was doing, so the DFS + VPN issue should likely be another thread.
Likely a DNS issue. How are your VPN users resolving \\servername today? Do you have hosts entries? Or are you pushing DNS entries along with the IP for the VPN connection?
They're getting a DNS server along with the IP when they connect on the VPN. That DNS server is our domain controller. On the client computer, I've also configured a DNS suffix on the VPN's network adapter.
Could be offline files being enabled because of the slow VPN link. Windows 10?
-
@wirestyle22 That makes sense, as this looks like it "resolves" \\domain.com\shares\pathToFolderRedirection, yet \\domain.com\shares\someOtherShare fails.
-
@eddiejennings Control Panel > Sync Center > Manage Offline Files > Disable Offline Files
Test that just to see. You will need to reboot.
-
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings Control Panel > Sync Center > Manage Offline Files > Disable Offline Files
Test that just to see. You will need to reboot.
That seemed to work. Enabling it again prevented me from accessing DFS shares.
-
@dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
So what happens when you ping domain.com?
Couldn't find a host.
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
The next challenge was being able to access the colo's ERL from the office. To do this, I had to add a rule to the WAN_LOCAL ruleset on the colo's ERL to allow traffic to TCP 22 and 443 from 192.168.2.0/24. I had to do the same for 192.168.1.0/24.
Or you could just allow new from IPSEC packets.
jbusch@jared:~$ show configuration commands firewall | grep "rule 40"
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description 'Allow IPSEC'
set firewall name WAN_LOCAL rule 40 ipsec match-ipsec
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol all
set firewall name WAN_LOCAL rule 40 state established disable
set firewall name WAN_LOCAL rule 40 state invalid disable
set firewall name WAN_LOCAL rule 40 state new enable
set firewall name WAN_LOCAL rule 40 state related disable
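The two approaches in this exchange differ in scope: the per-subnet rules admit only TCP 22 and 443, while rule 40 admits every protocol and port to the router itself from anything arriving over the tunnel. The following is an added example, not code from the thread, that parses `show configuration commands firewall` output and reports accept rules of the broader kind. Rule 41 in the sample is constructed for comparison (its number and description are assumptions), and the script assumes that an omitted `protocol` or `state` means "match all".

```python
import shlex
from collections import defaultdict

# Rule 40 is copied from the post above; rule 41 is a constructed, narrower
# alternative (its rule number and description are assumptions).
SAMPLE = """\
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description 'Allow IPSEC'
set firewall name WAN_LOCAL rule 40 ipsec match-ipsec
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol all
set firewall name WAN_LOCAL rule 40 state established disable
set firewall name WAN_LOCAL rule 40 state invalid disable
set firewall name WAN_LOCAL rule 40 state new enable
set firewall name WAN_LOCAL rule 40 state related disable
set firewall name WAN_LOCAL rule 41 action accept
set firewall name WAN_LOCAL rule 41 description 'Mgmt over IPsec'
set firewall name WAN_LOCAL rule 41 destination port 22,443
set firewall name WAN_LOCAL rule 41 ipsec match-ipsec
set firewall name WAN_LOCAL rule 41 protocol tcp
set firewall name WAN_LOCAL rule 41 source address 192.168.2.0/24
set firewall name WAN_LOCAL rule 41 state new enable
"""

def parse_rules(text):
    """Group 'set firewall name <set> rule <n> <key...> <value>' lines by rule."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        tok = shlex.split(line)  # keeps quoted descriptions as one token
        if len(tok) < 8 or tok[:3] != ["set", "firewall", "name"] or tok[4] != "rule":
            continue
        rules[(tok[3], int(tok[5]))][" ".join(tok[6:-1])] = tok[-1]
    return dict(rules)

def broad_accepts(rules):
    """Accept rules admitting new connections with no protocol/source/destination limit."""
    findings = []
    for (ruleset, num), r in sorted(rules.items()):
        # Assumption: an omitted 'state' or 'protocol' means "match all".
        new_ok = r.get("state new") == "enable" or not any(k.startswith("state ") for k in r)
        any_proto = r.get("protocol", "all") == "all"
        unrestricted = not any(k.startswith(("source", "destination")) for k in r)
        if r.get("action") == "accept" and new_ok and any_proto and unrestricted:
            scope = "IPsec-decrypted traffic only" if r.get("ipsec") == "match-ipsec" else "any traffic"
            findings.append((ruleset, num, scope))
    return findings

if __name__ == "__main__":
    for ruleset, num, scope in broad_accepts(parse_rules(SAMPLE)):
        print(f"{ruleset} rule {num}: accepts all protocols and ports from {scope}")
```
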
-
@EddieJennings did you resolve your issue?
-
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
Awesome
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
You don't use Offline files though, right?
-
It seems odd that performance would be an issue here. When accessing files you want the most live, up to date files, so as long as you have access, you should be getting them from the server.
What am I missing here?
-
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
You don't use Offline files though, right?
I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
You don't use Offline files though, right?
I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.
They are, but they don't have to be.
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
You don't use Offline files though, right?
I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.
Okay, but you don't have to have Offline files enabled. Do you have users coming in and out with laptops from offices?
-
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
You don't use Offline files though, right?
I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.
Okay, but you don't have to have Offline files enabled. Do you have users coming in and out with laptops from offices?
Yes, me.
The folks who have laptops and occasionally come into the office don't have folder redirection enabled. I'm the only person who would be affected by this; thus, I think my workaround will just be using UNC paths if I need to get to file shares when I'm at home and connected to the VPN.
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@EddieJennings did you resolve your issue?
Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.
You don't use Offline files though, right?
I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.
Okay, but you don't have to have Offline files enabled. Do you have users coming in and out with laptops from offices?
Yes, me.
The folks who have laptops and occasionally come into the office don't have folder redirection enabled. I'm the only person who would be affected by this; thus, I think my workaround will just be using UNC paths if I need to get to file shares when I'm at home and connected to the VPN.
Now you've lost me. I didn't really understand your earlier thing either between the two different UNCs you posted - can you expand upon that?
-
@dashrender Yes. When I'm connected to the remote access VPN and Offline files are enabled, this condition occurs.
\\mydomain.com\shares\theITDeptShare
fails.
\\serverName\theITDeptShare
works.
-
@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:
@dashrender Yes. When I'm connected to the remote access VPN and Offline files are enabled, this condition occurs.
\\mydomain.com\shares\theITDeptShare
fails.
\\serverName\theITDeptShare
works.
Right, so the question is - why is your machine not resolving mydomain.com?
You could likely easily solve this with a host file entry for mydomain.com (though perhaps not if the IP stack doesn't see mydomain.com as a valid host name, not sure).