[Vpn-help] Windows client to Linksys and network shares

Matthew Grooms mgrooms at shrew.net
Sun Nov 30 01:13:25 CST 2008


hIp-HiPpO wrote:
> 
> Great, now I can "use a virtual adapter with an assigned address".  In this
> case, I've set the remote client with an IP of 10.7.10.250.  It's 
> interesting that the IP I source from as seen in service logs is 
> 10.7.10.250.  I was assuming that I'd have an IP on the remote subnet.  Can 
> the Linksys assign the client an IP in its LAN subnet, or is that a 
> function of modecfg?
> 

Addressing the client in the same subnet as the remote network would 
make it part of the same layer 2 broadcast domain. In other words, a 
host behind the gateway would attempt to resolve the client's virtual 
adapter MAC address using the ARP protocol. IPsec policy processing 
happens at layer 3 and ARP is layer 2 and most gateways won't respond 
with a proxy ARP response (especially gateways that don't assign the 
client virtual IP addresses) so the ARP request would go unanswered.

By assigning an IP address for the client virtual adapter in a separate 
network than the private network used behind the gateway, a host behind 
the gateway will forward traffic to the next hop which is typically the 
gateway itself. The gateway then performs IPsec policy processing using 
the layer 3 source and destination IP addresses and then forwards the 
traffic to the correct client via the encrypted tunnel.

I'm not sure if the Linksys routers can assign client IP addresses via 
modecfg. My guess is that they can't. If they could, you would define an 
IP address pool using a network that doesn't overlap any private network 
behind the gateway. In other words, you would still use a network like 
10.7.10.0/24 for client virtual address assignment.

> I also found that the firewall was blocking Samba.  Sorry for crying wolf on 
> that issue.
> 

Were you able to correct this? Are you sure it was being blocked or was 
NetBIOS name resolution just not working?

> Yes, thanks for the help,
> 

You're welcome.

-Matthew
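
The forwarding decision described in this message, modeled as an added example that is not part of the original post. The LAN network 192.168.1.0/24, the host and gateway addresses, and the function names are constructed assumptions; only 10.7.10.250 and 10.7.10.0/24 come from the thread.

```python
import ipaddress


def lan_host_delivery(host_if, gateway_ip, client_ip):
    """Model how a host behind the gateway sends a packet to the VPN client.

    host_if    -- LAN host address with prefix, e.g. "192.168.1.20/24" (constructed)
    gateway_ip -- the LAN host's next hop, assumed to be the VPN gateway
    client_ip  -- the client's virtual adapter address
    Assumes the gateway does not answer proxy ARP for clients.
    """
    iface = ipaddress.ip_interface(host_if)
    client = ipaddress.ip_address(client_ip)
    if client in iface.network:
        # On-link: the host ARPs for the client itself. The client is not on
        # the LAN segment, so the request goes unanswered and the packet
        # never reaches the gateway's layer 3 IPsec policy lookup.
        return {"on_link": True, "arp_target": str(client),
                "reaches_ipsec_policy": False}
    # Off-link: the host ARPs for its next hop instead. The gateway answers,
    # receives the packet, and matches source/destination against policy.
    return {"on_link": False, "arp_target": str(ipaddress.ip_address(gateway_ip)),
            "reaches_ipsec_policy": True}


def pool_conflicts(pool, private_networks):
    """Return the private networks that a client address pool overlaps."""
    pool_net = ipaddress.ip_network(pool)
    return [n for n in private_networks
            if pool_net.overlaps(ipaddress.ip_network(n))]


if __name__ == "__main__":
    lan = "192.168.1.0/24"  # constructed LAN behind the gateway
    for client in ("10.7.10.250", "192.168.1.250"):
        print(client, lan_host_delivery("192.168.1.20/24", "192.168.1.1", client))
    for pool in ("10.7.10.0/24", "192.168.1.128/25"):
        print(pool, "conflicts with", pool_conflicts(pool, [lan]))
```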


