Scanning Over WAN/IPsec

By mkachanis ·
Have an offsite scanner that needs to scan to a share. Scanner and its local machines are not within the AD of where the share is located.

From a network layout standpoint the two networks are connected via IPSec over WAN and are just on different subnets.

My two problems appear to be getting the share to accept and acknowledge the credentials the scanner is providing. I created a special account for this in AD and granted permissions accordingly.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

How are the two different subnets connected together?

by robo_dev In reply to Scanning Over WAN/IPsec

typically there would be a router in between.

Can your scanner ping the remote device? if so, what sort of latency?

Can it enumerate the device via Windows browsing or Net USE commands?

When you say 'WAN', do you mean Internet or enterprise WAN?

The issue is that AD authentication uses Kerberos, which uses UDP. UDP does not tolerate dropped packets or MTU-size diiferences very well. With a registry hack you can force the PC to use TCP for Kerberos.

When you say connected via IPSEC, do you mean a user VPN or site-to-site? User VPNs typically do not allow split tunneling which may be part of the issue.

Related Discussions

Related Forums