Welcome to ISAserver.org

udp 137, 138

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 Firewall] >> VPN >> udp 137, 138

Page: [1]

Message

<< Older Topic Newer Topic >>

udp 137, 138 - 23.Sep.2002 11:03:00 PM

Barryh

Posts: 44
Joined: 20.Mar.2002
From: Kirkland, WA
Status: offline

ISA Server setup to allow incoming VPN. External clients can login and connect just fine, but I have never been able to get name resolution to help, even with all the fine help from this message board several months ago. Cliens can connect to anything if they use IP addresses instead of names. And yes, believe me, we have been over all the settings. The client is getting the wins server address.

What I noticed now though, by examining the IP log, is that ISA is blocking attempts of the client to conenct to udp ports 137 and 138, the netbios name service and datagrm protocols. Do I need to configure some kind of incoming rule for these? I did not think these would be needed for a vpn connection to resolve name. . I must be missing something here, but I have never read any kind of instruction about configuring rules for these to get incoming VPN to work. I am sure that I have just displayed brute ignorance here, but I am willing to humuliate myself to solve this problem!

Post #: 1

Featured Links*

RE: udp 137, 138 - 24.Sep.2002 6:13:00 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Barry,

No brute ignorance at all [Big Grin]

But the ISA Server does not examine the VPN traffic, so ISA Server Protocol Rules do not apply to it. When you do an IPCONFIG on the VPN client, it does't show the IP address of the WINS server?

Thanks!

Tom

(in reply to Barryh)

Post #: 2

RE: udp 137, 138 - 24.Sep.2002 6:57:00 PM

Barryh

Posts: 44
Joined: 20.Mar.2002
From: Kirkland, WA
Status: offline

Hi Tom.

That is what I thought. And IPCONFIG does show the WINS server which is assigned from the ISA internal NIC. Everything looks good, but name resolution just does not work, so no browsing. It is a pain to show our users how to do a "net use" with IP addresses! [Roll Eyes]

Thaks,
Barry

(in reply to Barryh)

Post #: 3

RE: udp 137, 138 - 25.Sep.2002 3:43:00 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Barry,

Are these dreaded Win9x clients? In that case, the local hard-coded WINS servers will override anything assigned by the VPN server.

HTH,
Tom

(in reply to Barryh)

Post #: 4

RE: udp 137, 138 - 26.Sep.2002 12:29:00 AM

Barryh

Posts: 44
Joined: 20.Mar.2002
From: Kirkland, WA
Status: offline

Tom,

These are Win2000 and XP clients. I have a further clue: After the client connects, The network can be browsed and the servers and PC's show up. But when you try to access a server to see the shares, by double clicking the server icon or mapping a drive, then you get the dreaded "Network path cannot be found" error.

But if you map a drive using the IP address of the server as in \\192.168.10.30\share, then you are prompted for credentials and the drive is mapped, and it works.

-Barry

(in reply to Barryh)

Post #: 5

RE: udp 137, 138 - 18.Oct.2002 10:08:00 PM