3 Replies Latest reply on Feb 20, 2013 7:25 AM by noor

    WINS over VPN

    travisrigby New Member

      Is there a way t push WINS name resolution over VPN? I can se computers by IP address, but not by their WINS name. Is ther ea way to overcome this so my users can navigate easier between the networks?

       

      Are there better VPN options to tie my network together? Do I always need to use NAT? Or is it possible to ever put VPNs on the same subnet?

       

      Sorry,  alot of questions, but wondering if there is a best practivces guide or white paper on VPNs?

       

      Thanks!

        • Re: WINS over VPN
          Employee

          @travisrigby - If you have a VPN tunnel between 2 routers, then there is nothing to be configured for WINS name resolution to work. You will need to ensure that the PCs trying to access other network equipment are configured with the correct WINS server and have connectivity to that server. If the IPs are able to communicate, then the router is not preventing the names from being resolved.

           

          If you are using a VPN client to access network devices by name, then you will need to configure a WINS server IP address to hand out to the VPN client when it negotiates. This can be done in the web interface by navigating to VPN Peers and the clicking on the mobile VPN peer under the "Create VPN Peers" section. Under the section "Remote Addressing", you will see the option to specify a primary and secondary WINS server.

           

          In the CLI, this can be specified by the commands below:

           

          (config)# crypto ike client configuration pool <Pool Name>

          (config-ike-client-pool)# netbios-name-server <WINS server IP>

           

          VPN networks have to be on different subnets due to the nature of the NetVanta routers. If a NetVanta router has to deliver a packet that is on the same subnet as one of its interfaces, it will see that traffic as local and will proceed to ARP for which interface to send the traffic out. That traffic will never be routed and, therefore, will never be touched by the crypto map.

           

          You may find the following documents helpful:

           

          Understanding IPSec VPNs

          Configuring VPN using Main Mode

          Configuring VPN using Aggressive Mode

          Configuring VPN using a VPN Client

          Configuring ShrewSoft VPN Client

           

          Other VPN documents are available in the forum. Simply navigate to the product category in question and click on "AOS Documentation" on the top left of the page. Once you click on that, you will see documentation categories listed below. Select the "VPN" category, and you will see the relevant VPN documentation for that product.

           

          Let us know if you have any questions.

           

          Thanks,

          Noor

            • Re: WINS over VPN
              Employee

              @travisrigby - I marked this question as "assumed answered," but please do not hesitate to reply to this post with additional questions.  I will be happy to help in any way I can.

               

              Thanks,

              Noor

                • Re: WINS over VPN
                  Employee

                  I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                   

                  Thanks,

                  Noor