Mike, The catch to all this is browse lists. Unless you are running Samba boxes on *both* ends of the VPN doing browse list synchronization, you won't see the machines in both LAN's in Network Neighborhood. I also found that having one of the Samba boxes do WINS serving helped... I never needed the lmhosts or hosts files on the workstations. However, if you don't have Samba, you can map resources by IP without issue. I found that transfers were MUCH faster this way, rather than using Network Neighborhood. Don't know why... Just a M$ thing I guess.
As far as firewall rules go, I can't say for sure as I'm using Eiger, not Dachstein, but the only issue I had was with SNMP being blocked by default when I tried to get a Jet Direct card going on the other side. Virtually everything else goes straight down the tunnel as it's encrypted anyway. So, if your tunnel is up and operational, you should be able to cut/paste at will. But the local browse broadcasts aren't routable and hence, won't find their way onto the other subnet. Brock > Message: 14 > Date: Wed, 09 Jan 2002 10:49:26 -0600 > From: "Michael D. Schleif" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Organization: mds resource > To: LEAF <[EMAIL PROTECTED]> > Subject: [Leaf-user] DCD, ipsec & windows networking ??? > > > OK, we have setup two (2) ipsec gateways on two DCD firewalls > across the internet. Standard tcp/ip stuff works as expected. > > Now, we want to get the m$oft windoze networks on each side > to interact with each other, as if they are on the same network. > > We have setup lmhosts files on each side for testing > purposes; but, we cannot get windoze networking to work. > > What changes to the firewall are necessary? > > What do you think? > > -- > > Best Regards, > > mds _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user