Sonicwall and Windows XP

By alan_viens
I have site-to-site VPNs configured for multiple offices. Connections from Win XP machines can connect to servers across the tunnel. However, Win XP machines and servers CANNOT connect to shares on other Win XP machines across the tunnel. Win XP and server machines CAN connect to other Win XP shares on the SAME SUBNET. Any ideas why I cannot see a Win XP share across the VPN tunnel?


All Answers


My guess would be because Kerberos uses UDP

by robo_dev In reply to Sonicwall and Windows XP

You can reconfigure XP to use TCP for Kerberos authentication with a simple registry hack:

The issue is that the authentication protocol used by Windows, Kerberos, uses UDP (to be standards-compliant). UDP is a stateless protocol (and is therefore unreliable).

VPNs and UDP do not get along because MTU sizes and latency issues create out-of-order packets. TCP can tolerate out-of-order or fragmented packets, but UDP cannot.

I believe part of the 'same subnet' issue exists because UDP broadcasts will typically be limited to a single subnet (unless you've enabled multicast across multiple subnets, which is a bad idea).

So my first guess is to add the TCP hack to use TCP for Kerberos.

My next guesses would involve fiddling with WINS and LMHOSTS and also the nbtstat command.

Remember, Microsoft Networking is an art, not a science.
