[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] VPN Pool NAT
Given that master browsers are identified by Netbios records, and WINS is in
the business of distributing those selfsame Netbios records, and (oh yeah)
what you're browsing is a list of Netbios names, I don't exactly see how you
can disconnect browsing and WINS (and by implication, Netbios). But believe
whatever you like.
That aside, you are correct about that "(b) is important" bit. In
commenting earlier it had not occurred to me to suggest that one might want
to verify that the client workstation was actually in the domain (or at
least an identically named workgroup) as the domain one wants to browse.
Must have assumed that it was handled, and you know what they say about
assuming...
However, it should be noted that being in a different workgroup/domain will
only prevent "easy" browsing in the form of "when I double-click on Network
Neighborhood everything automatically comes up." It will *not* prevent the
user from drilling down from Entire Network/Microsoft Windows Network to get
to the domain in question, if the NBT traffic is moving properly in the
right directions.
-----Original Message-----
From: David Gillett [mailto:[email protected]]
Sent: Monday, June 24, 2002 4:38 PM
To: [email protected]
Subject: Re: [FW-1] VPN Pool NAT
No matter how many people seem to think so, I do not believe that browsing
and WINS are related, at least to the extent that getting one to work makes
much difference to the other. (For one thing, WINS is IP specific, browsing
should work over/with IP, IPX, and NetBEUI. You can have machines show up
in the browse list, with whom you cannot connect for lack of a common
transport protocol.)
A browse client obtains the browse list from a browse master. The browse
master (a) is on the same subnet as the client, and (b) is a member of the
same workgroup/domain as the client.
That (b) is important! For NT/2K(/XP?), the domain could be either that
that the machine is part of, or that the current user is logged in to. For
95/98(/ME?), it's the domain/workgroup specified in the "Identification" tab
of the machine's network settings.
David Gillett
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]]On Behalf Of Mark
> Ward
> Sent: Monday, June 24, 2002 5:15 AM
> To: [email protected]
> Subject: [FW-1] VPN Pool NAT
>
>
> I am trying to get this working with Netbios for windows stuff. I have
> added the netbios_nat (true) to my objects.C and it does not work.
> However my VPN
> NAT Pool addresses are part of my encryption domain, is this
> correct ? With
> the netbios_nat off I can browse some domains but not others. My WINS
> servers have my real IP address from my SDL supplier.
>
>
> Has anybody got browsing with secureclinet and VPN NAT Pool working ?
>
> mapping drives, net views etc work fine
>
>
> thanks
>
> Mark
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================