
    Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite

    • EddieJenningsE
      EddieJennings @wirestyle22
      last edited by

      @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

      @eddiejennings Control Panel > Sync Center > Manage Offline Files > Disable Offline Files

      Test that just to see. You will need to reboot.

      That seemed to work. Enabling it again prevented me from accessing DFS shares.

      • EddieJenningsE
        EddieJennings @Dashrender
        last edited by

        @dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

        So what happens when you ping domain.com?

        Couldn't find a host.

        • JaredBuschJ
          JaredBusch @EddieJennings
          last edited by JaredBusch

          @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

          The next challenge was being able to access the colo's ERL from the office. To do this, I had to add a rule to the WAN_LOCAL ruleset on the Colo's ERL, to allow traffic to TCP 22 and 443 from 192.168.2.0/24. I had to do the same for 192.168.1.0/24.

          Or you could just allow new from IPSEC packets.


          jbusch@jared:~$ show configuration commands firewall | grep "rule 40"
          set firewall name WAN_LOCAL rule 40 action accept
          set firewall name WAN_LOCAL rule 40 description 'Allow IPSEC'
          set firewall name WAN_LOCAL rule 40 ipsec match-ipsec
          set firewall name WAN_LOCAL rule 40 log disable
          set firewall name WAN_LOCAL rule 40 protocol all
          set firewall name WAN_LOCAL rule 40 state established disable
          set firewall name WAN_LOCAL rule 40 state invalid disable
          set firewall name WAN_LOCAL rule 40 state new enable
          set firewall name WAN_LOCAL rule 40 state related disable
          
          1 Reply Last reply Reply Quote 3
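One way to check a saved `show configuration commands firewall` dump for the difference between the two approaches in this post, as an added example that is not part of the thread: it separates WAN_LOCAL accept rules that match on a private source subnet alone from rules tied to IPsec by `ipsec match-ipsec`, and reports each rule's protocol/port scope. Rules 50 and 60 in the sample are constructed from the quoted description; `SAMPLE`, `parse_rules`, `is_private` and `audit` are names made up here.

```python
import ipaddress
from collections import defaultdict

# Constructed sample. Rule 40 is taken from the post; rules 50 and 60 are
# hypothetical renderings of the per-subnet approach quoted in it.
SAMPLE = """\
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 ipsec match-ipsec
set firewall name WAN_LOCAL rule 40 protocol all
set firewall name WAN_LOCAL rule 40 state new enable
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 destination port 22,443
set firewall name WAN_LOCAL rule 50 protocol tcp
set firewall name WAN_LOCAL rule 50 source address 192.168.2.0/24
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 destination port 22,443
set firewall name WAN_LOCAL rule 60 protocol tcp
set firewall name WAN_LOCAL rule 60 source address 192.168.1.0/24
"""

def parse_rules(text, ruleset):
    """Return {rule_number: {setting: value}} for one named ruleset."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 8 and tok[:5] == ["set", "firewall", "name", ruleset, "rule"]:
            # "state new enable" -> {"state new": "enable"}
            rules[int(tok[5])][" ".join(tok[6:-1])] = tok[-1]
    return rules

def is_private(src):
    """True for a private CIDR/address; ranges, groups or '' count as False."""
    try:
        return ipaddress.ip_network(src, strict=False).is_private
    except ValueError:
        return False

def audit(text, ruleset="WAN_LOCAL"):
    """Map each accept rule to (what binds it to the tunnel, protocol/ports)."""
    findings = {}
    for num, r in sorted(parse_rules(text, ruleset).items()):
        if r.get("action") != "accept":
            continue
        if r.get("ipsec") == "match-ipsec":
            binding = "ipsec-bound"      # only packets that arrived via IPsec
        elif is_private(r.get("source address", "")):
            binding = "address-only"     # trusts the source address by itself
        else:
            binding = "other"
        scope = f'{r.get("protocol", "all")}/{r.get("destination port", "any")}'
        findings[num] = (binding, scope)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rule 40 comes out as ipsec-bound with scope all/any, so every service on the router is reachable from tunnel peers. Adding a protocol and destination port to that rule would keep the IPsec match while keeping the port limit of the per-subnet rules.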
          • wirestyle22W
            wirestyle22
            last edited by

            @EddieJennings did you resolve your issue?

            • EddieJenningsE
              EddieJennings @wirestyle22
              last edited by

              @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

              @EddieJennings did you resolve your issue?

              Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

              • wirestyle22W
                wirestyle22 @EddieJennings
                last edited by

                @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                @EddieJennings did you resolve your issue?

                Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                Awesome

                • dbeatoD
                  dbeato @EddieJennings
                  last edited by

                  @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                  @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                  @EddieJennings did you resolve your issue?

                  Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                  You don't use Offline files though, right?

                  • DashrenderD
                    Dashrender
                    last edited by

                    It seems odd that performance would be an issue here. When accessing files you want the most live, up to date files, so as long as you have access, you should be getting them from the server.

                    What am I missing here?

                    • EddieJenningsE
                      EddieJennings @dbeato
                      last edited by

                      @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                      @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                      @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                      @EddieJennings did you resolve your issue?

                      Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                      You don't use Offline files though, right?

                      I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.

                      • DashrenderD
                        Dashrender @EddieJennings
                        last edited by

                        @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                        @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                        @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                        @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                        @EddieJennings did you resolve your issue?

                        Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                        You don't use Offline files though, right?

                        I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.

                        They are, but they don't have to be.

                        • dbeatoD
                          dbeato @EddieJennings
                          last edited by

                          @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                          @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                          @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                          @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                          @EddieJennings did you resolve your issue?

                          Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                          You don't use Offline files though, right?

                          I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.

                          Okay, but you don't have to have Offline files enabled. Do you have users coming in and out with laptops from offices?

                          • EddieJenningsE
                            EddieJennings @dbeato
                            last edited by

                            @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                            @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                            @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                            @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                            @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                            @EddieJennings did you resolve your issue?

                            Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                            You don't use Offline files though, right?

                            I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.

                            Okay, but you don't have to have Offline files enabled. Do you have users coming in and out with laptops from offices?

                            Yes, me. 😉
                            The folks who have laptops and occasionally come into the office don't have folder redirection enabled. I'm the only person who would be affected by this; thus, I think my workaround will just be using UNC paths if I need to get to file shares when I'm at home and connected to the VPN.

                            • DashrenderD
                              Dashrender @EddieJennings
                              last edited by

                              @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                              @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                              @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                              @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                              @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                              @wirestyle22 said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                              @EddieJennings did you resolve your issue?

                              Most likely so. It appears that offline files is the clue I needed. I can do some more testing tomorrow.

                              You don't use Offline files though, right?

                              I do. For the internal office people, the main profile folders (Desktop, Documents, etc.) are redirected to network storage. When you have folder redirection, I believe Offline files are enabled by default.

                              Okay, but you don't have to have Offline files enabled. Do you have users coming in and out with laptops from offices?

                              Yes, me. 😉
                              The folks who have laptops and occasionally come into the office don't have folder redirection enabled. I'm the only person who would be affected by this; thus, I think my workaround will just be using UNC paths if I need to get to file shares when I'm at home and connected to the VPN.

                              Now you've lost me. I didn't really understand your earlier thing either between the two different UNCs you posted - can you expand upon that?

                              • EddieJenningsE
                                EddieJennings @Dashrender
                                last edited by

                                @dashrender Yes. When I'm connected to the remote access VPN and Offline files are enabled, this condition occurs.

                                \\mydomain.com\shares\theITDeptShare fails.
                                \\serverName\theITDeptShare works.

                                • DashrenderD
                                  Dashrender @EddieJennings
                                  last edited by

                                  @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                                  @dashrender Yes. When I'm connected to the remote access VPN and Offline files are enabled, this condition occurs.

                                  \\mydomain.com\shares\theITDeptShare fails.
                                  \\serverName\theITDeptShare works.

                                  Right, so the question is - why is your machine not resolving mydomain.com?

                                  You could likely easily solve this with a host file entry for mydomain.com (though perhaps not if the IP stack doesn't see mydomain.com as a valid host name, not sure).

                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    I guess it does work

                                    https://i.imgur.com/NJ310OC.png

                                    • DashrenderD
                                      Dashrender
                                      last edited by

                                      Lot of good things to try in this thread.

                                      https://social.technet.microsoft.com/Forums/windows/en-US/5f81b8a8-beff-49a7-a755-bc38c92b0658/cannot-access-dfs-share-over-vpn?forum=w7itpronetworking

                                      • EddieJenningsE
                                        EddieJennings
                                        last edited by

                                        Thanks to @Dashrender for the assist. It looks like the problem was authentication. I authenticated to the VPN using domain\username rather than using the User Principal Name. Doing the latter allowed me to reach DFS shares.

                                        • dbeatoD
                                          dbeato @EddieJennings
                                          last edited by

                                          @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                                          Thanks to @Dashrender for the assist. It looks like the problem was authentication. I authenticated to the VPN using domain\username rather than using the User Principal Name. Doing the latter allowed me to reach DFS shares.

                                          Woops, that's crazy but definitely there is an issue with DNS.

                                          • DashrenderD
                                            Dashrender @dbeato
                                            last edited by

                                            @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                                            @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

                                            Thanks to @Dashrender for the assist.  It looks like the problem was authentication.  I authenticated to the VPN using domain\username rather than using the User Principal Name.  Doing the latter allowed me to reach DFS shares.
                                            

                                            Woops, that's crazy but definitely there is an issue with DNS.

                                            huh?
