So we've got two offices connected via Sonicwall IKE VPN:
- HQ is 10.42.0.0/16
- Remote is 10.63.0.0/16
There is an MS file share on a Windows 7 Pro box in HQ, 10.42.3.203, and machines in the Remote office need to access it. Both firewalls have 'allow any to any' rules for traffic between the two networks, and no deny rules that would apply to the traffic.
Below is a tshark transcript of someone in the remote office attempting to access the share in HQ. The machine running it listens on a mirrored uplink port behind the HQ firewall.
414.411940 10.63.3.39 -> 10.42.3.203 TCP 66 55628 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1398 WS=256 SACK
415.518100 10.63.3.39 -> 10.42.3.203 TCP 66 55635 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1398 WS=256 SACK
415.519325 10.63.3.39 -> 10.42.3.203 TCP 66 55636 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0 MSS=1398 WS=256 SACK_
417.429670 10.63.3.39 -> 10.42.3.203 TCP 66 [TCP Retransmission] 55628 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0
418.516965 10.63.3.39 -> 10.42.3.203 TCP 66 [TCP Retransmission] 55636 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0
418.516969 10.63.3.39 -> 10.42.3.203 TCP 66 [TCP Retransmission] 55635 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0
423.421594 10.63.3.39 -> 10.42.3.203 TCP 62 [TCP Retransmission] 55628 > microsoft-ds [SYN] Seq=0 Win=65535 Len=
424.525998 10.63.3.39 -> 10.42.3.203 TCP 62 [TCP Retransmission] 55636 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0
424.526002 10.63.3.39 -> 10.42.3.203 TCP 62 [TCP Retransmission] 55635 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0
436.553750 10.63.3.39 -> 10.42.3.203 NBNS 92 Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00>
436.554051 10.42.3.203 -> 10.63.3.39 NBNS 217 Name query response NBSTAT
436.603070 10.63.3.39 -> 10.42.3.203 TCP 66 55690 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0 MSS=1398 WS=256 SACK_
439.614949 10.63.3.39 -> 10.42.3.203 TCP 66 [TCP Retransmission] 55690 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0
445.600591 10.63.3.39 -> 10.42.3.203 TCP 62 [TCP Retransmission] 55690 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0
457.620875 10.63.3.39 -> 10.42.3.203 TCP 66 55734 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1398 WS=4 SACK_PERM=1
457.621149 10.42.3.203 -> 10.63.3.39 TCP 60 http > 55734 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
458.159020 10.63.3.39 -> 10.42.3.203 TCP 66 [TCP Port numbers reused] 55734 > http [SYN] Seq=0 Win=8192 Len=0 MS
458.159258 10.42.3.203 -> 10.63.3.39 TCP 60 http > 55734 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
458.689704 10.63.3.39 -> 10.42.3.203 TCP 62 [TCP Port numbers reused] 55734 > http [SYN] Seq=0 Win=8192 Len=0 MS
458.690002 10.42.3.203 -> 10.63.3.39 TCP 60 http > 55734 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
458.725494 10.63.3.39 -> 10.42.3.203 TCP 66 55736 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1398 WS=4 SACK_PERM=1
458.725696 10.42.3.203 -> 10.63.3.39 TCP 60 http > 55736 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
459.260930 10.63.3.39 -> 10.42.3.203 TCP 66 [TCP Port numbers reused] 55736 > http [SYN] Seq=0 Win=8192 Len=0 MS
459.261180 10.42.3.203 -> 10.63.3.39 TCP 60 http > 55736 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
459.795362 10.63.3.39 -> 10.42.3.203 TCP 62 [TCP Port numbers reused] 55736 > http [SYN] Seq=0 Win=8192 Len=0 MS
459.795640 10.42.3.203 -> 10.63.3.39 TCP 60 http > 55736 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
It just seems to ignore the packets until the NBNS query to which it responds, and then it alternately ignores or RSTs any other packets.
It also does this fun thing where ping works one way, but not the other:
29.683073 10.42.3.203 -> 10.63.3.39 ICMP 74 Echo (ping) request id=0x0001, seq=36/9216, ttl=128
29.688421 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) reply id=0x0001, seq=36/9216, ttl=128
30.758418 10.42.3.203 -> 10.63.3.39 ICMP 74 Echo (ping) request id=0x0001, seq=37/9472, ttl=128
30.764715 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) reply id=0x0001, seq=37/9472, ttl=128
31.759546 10.42.3.203 -> 10.63.3.39 ICMP 74 Echo (ping) request id=0x0001, seq=38/9728, ttl=128
31.764583 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) reply id=0x0001, seq=38/9728, ttl=128
32.760653 10.42.3.203 -> 10.63.3.39 ICMP 74 Echo (ping) request id=0x0001, seq=39/9984, ttl=128
32.766173 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) reply id=0x0001, seq=39/9984, ttl=128
45.221105 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) request id=0x0001, seq=4217/30992, ttl=128
49.749227 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) request id=0x0001, seq=4218/31248, ttl=128
54.747578 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) request id=0x0001, seq=4219/31504, ttl=128
59.754256 10.63.3.39 -> 10.42.3.203 ICMP 74 Echo (ping) request id=0x0001, seq=4220/31760, ttl=128
Windows firewall is not enabled on the machine, and all machines within HQ can access it just fine. There is a Samba server elsewhere in the network that also works just fine from all offices. It's like these Windows machines are simply refusing traffic from things that are not on their subnet.
Disclaimer: I did not choose either the subnetting or to run a fileshare on a Windows 7 box. They are both before my time and I can't change it at this time. I know they are dumb/bad respectively, please try to look past them. Thanks.
Are you sure Windows Firewall (and all other firewalls if any) are configured correctly? You say it's off, however that's a pretty bad idea in itself. To confirm it's appropriately off for all interfaces, can you please post a screenshot of the Windows Firewall control panel screen from the Win 7 PC.
Windows Firewall by default will blockfile-sharing requests from outside the local subnet (and ping is considered a file-sharing protocol...), and your issue sounds exactly like either this, or a routing issue (but the pings working the other way round suggests this isn't likely).
The existence of the subnet-only setting, as well as how to change it, is not particularly obvious in Windows Firewall settings. You have to go to Advanced Settings via the control panel, or by directly running wf.msc, and ensure all Inbound File and Printer Sharing rules, under the Scope tab, are not limited to "Local subnet".