Symantec Client and Dameware Install across segments

[Geckotek]

Well, I'm almost there, but still battling this one problem.

When attempting to do things like install a Symantec Client or push the Dameware Remote client, I can connect to PCs on my local segment, but not across the WAN connection. When I take my laptop to the other office, same thing.....can now connect to those PCs that are local, but not the ones back at the main office.

The Wan connection is a point to point T1 running Adtrans on each end. The remote segment get their DHCP addresses from the Adtran on that end.

Main office is 192.168.1.0/255.255.255.0

Remote office is 192.168.3.0/255.255.255.0

Here are the GPO settings I have configured:

Network/Network Connections/Windows Firewall/Domain Profile

Windows Firewall: Allow file and printer sharing exception - Enabled - From *

Windows Firewall: Allow local port exceptions - Enabled

Windows Firewall: Allow remote administration exception - Enabled - From *

Windows Firewall: Allow Remote Desktop exception - Enabled - From *

Windows Firewall: Protect all network connections - Enabled

Windows Firewall: Define port exceptions - Enabled

135:TCP:*:Enabled:Offer Remote Assistance - Port

137:TCP:*:Enabled:DWMRC Install

2967:TCP:LocalSubnet,192.168.1.0/24,192.168.3.0/24:Enabled:Symantec AV TCP

2967:UDP:LocalSubnet,192.168.1.0/24,192.168.3.0/24:Enabled:Symantec AV TCP

6129:TCP:*:Enabled:DameWare MRC

Couple of thoughts...I do not intend to keep all hosts open (*). I eventually want to lock this down after getting it figured out. I also realize the "LocalSubnet" may be extraneous if the local subnet is also listed (not sure why I did that in the first place...was in a hurry I guess.) All Symantec clients are working with the System Center otherwise and are receiving sig updates (just can't push a client.)

I'm sure I've left out some helpful information, so please let me know what else I should post.

TIA

Edit: Oh, and I installed WSUS Sunday night, but I'm not 100% that the clients are pulling the updates. I expected a big drop from yesterday to today....but not so.

Edited January 10, 2006 by Geckotek

[RogueSpear]

I use Symantec SAV and SCS but I deploy them via Group Policy. I am also a long time user of DameWare NT Utilities (and of course the mini remote product). While I've never attempted to push either of DameWare's services across subnets, I believe there may be broadcast and / or ICMP traffic involved in the push install of those services which may be contributing to the problem. I've never had a problem using DameWare or the mini remote across subnets or within a VPN session though.

In all honesty I've never inspected the traffic involved with it, but a quick peek with Ethereal or Sniffer should give you the answers your looking for.