Network vpn help

[never_retreat]

I've installed a cisco asa5505 at a friends office.
I worked out most of the kinks, I can connect via the vpn. I can ping stuff around the office, but I can not see the network or network computers. Am I missing some stupid or obvious setting?
The idea behind the vpn is to access a nasd for file sharing and stuff. The nasd pops up like a computer on the workgroup when you are in the building. Also there is no server for anything else.

[Harold Tuttle]

can you load the IP address of a printer into a browser and load the printer's config page?

[41magsnub]

I'll ask the stupid question, did you put in the default gateway on the NAS device?

Can you open the NAS via \\<ip address of nas>  ?

[AZRedhawk44]

Small office/home office?


Windows workstations (as well as network appliances that use SMB/Samba as a file sharing protocol) "advertise" themselves on only the local subnet.  They will routinely initiate a "contest" to see which computer is the "master browser" and acts as a poor man's WINS server.  Typically, the computer that has the most free processing resources will win this contest (RAM/CPU). 

However, computers across subnets will not compete in this process, and will not find a master browser.  It's a broadcast-only event, and would be abhorrent to every TCP/IP engineer on Earth.  It would turn TCP/IP into the AppleTalk stack.

Long story short:  You won't "see" anything in Network Neighborhood across a router hop unless you have a WINS server.  And WINS servers are depricated for the most part anyways.

You'll have to use DNS (your VPN's faux network adapter is receiving its own IP address and DNS settings, right?) to resolve the NAS name to an IP address.  Then type \\nasname\share\folder to access it.  Or possibly even \\nasname.domain.suffix\share\folder.

If you don't have a DNS server in the office to provide this, then the only way you're getting to the NAS is to populate each computer's HOSTS file with the IP of the NAS, or directly access the NAS via \\192.168.x.x\share\folder.

[never_retreat]

Small office/home office?


Windows workstations (as well as network appliances that use SMB/Samba as a file sharing protocol) "advertise" themselves on only the local subnet.  They will routinely initiate a "contest" to see which computer is the "master browser" and acts as a poor man's WINS server.  Typically, the computer that has the most free processing resources will win this contest (RAM/CPU). 

However, computers across subnets will not compete in this process, and will not find a master browser.  It's a broadcast-only event, and would be abhorrent to every TCP/IP engineer on Earth.  It would turn TCP/IP into the AppleTalk stack.

Long story short:  You won't "see" anything in Network Neighborhood across a router hop unless you have a WINS server.  And WINS servers are depricated for the most part anyways.

You'll have to use DNS (your VPN's faux network adapter is receiving its own IP address and DNS settings, right?) to resolve the NAS name to an IP address.  Then type \\nasname\share\folder to access it.  Or possibly even \\nasname.domain.suffix\share\folder.

If you don't have a DNS server in the office to provide this, then the only way you're getting to the NAS is to populate each computer's HOSTS file with the IP of the NAS, or directly access the NAS via \\192.168.x.x\share\folder.

I get the first part but the rest went over my head.
I turned on the win server on the storage device, you were right that did nothing.
We do not have a DNS server, well we have no server what so ever.
Help me out with the host file thing, thats greek to me.
I was also thinking since the nasd has 2 network ports and 2 fixed IP's could I somehow tell the router to look for a certain IP.
Some sort of route or nat?

[AZRedhawk44]

I get the first part but the rest went over my head.
I turned on the win server on the storage device, you were right that did nothing.
We do not have a DNS server, well we have no server what so ever.
Help me out with the host file thing, thats greek to me.
I was also thinking since the nasd has 2 network ports and 2 fixed IP's could I somehow tell the router to look for a certain IP.
Some sort of route or nat?

Not a "win server" in the sense of a Windows file server... a WINS server.  See acronym below.  WINS = Windows Internet Naming Service.

It's a service that runs on a server that correlates IP addresses to machine names.  If you want to find a computer, your WINS client software sends the name lookup request to the WINS server and the WINS server spits back an IP address.  Then you talk to the actual windows computer share you tried to find.

If you don't have WINS, then the only computers you see on your "network neighborhood" list are those in your current subnet.  This is due to the "master browser election" process that happens in environments that have no WINS server but have a bunch of windows client machines.

WINS has fallen out of favor in the last 10+ years due to Active Directory integration into DNS.  But, if you don't have DNS or Active Directory, WINS is one of the old retro fallbacks.  The other retro fallback is the hosts file, located at C:\Windows\System32\drivers\etc.  Not file extension on it... just called HOSTS.  It's a flat file you can open with notepad and add IP address to computer name correlations.  You'll see a sample entry for 127.0.0.1 localhost in there.  Just mimic that for the NAS if you want a HOSTS entry for the NAS.

No DNS, no WINS... you ain't got jack for name resolution.

Do NOT mess with altering the network config of the NAS.  Routing is not the answer here.

Your only option is the HOSTS file, described below.



Anyways...

Assuming the office has an IP subnet of 10.1.1.x/255.255.0.0, and the NAS appliance has an IP address of 10.1.1.10, and you're at a residential/external location that is a 192.168.1.x/255.255.255.0 network...

Can you find the NAS with the VPN active and you type \\10.1.1.10\sharename?


Also, question:

Please tell me that the office is not a 192.168.x.x network.

Because if the office is 192.168.1.x/255.255.255.0, and your home is 192.168.1.x/255.255.255.0, and you establish a VPN from your NATed home network to the endpoint on the office's NATed network... it's unroutable.  According to the VPN you would be inside the same network since both network/netmasks match.