How to get SMB across a VPN tunnel?

We just installed a Nortel Contivity 600 VPN gateway at work. While all non-Windoze protocols work fine, SMB is another matter. I'm currently trying to get a Windows 98SE box to connect to shares on the corp NT 4 domain, but I'm getting absolutely nowhere.

M$ and Nortel are no help, and while Usenet indicates it is possible, the offered suggestions indicate nobody really knows how or why. So far I have the entries for workgroup (in the computer identification dialog), domain (log on to NT domain in the Client for MS networks) and security (in the shares settings) set to the name of the domain. I've tried with and without the "Log-on to NT domain" check in the "Client for MS networks"; with the MS network client attached/detached to all combinations of TCP/IP-to-adapter bindings (can't attach to the NOC Extranet protocol); with and without DNS and with and without WINS. No luck.

My network settings show 3 adapters: one for the real NIC, one for my Enternet PPPoE DSL connector, and a Nortel Extranet Access adapter. Bindings show the Nortel Extranet protocol bound to the Extranet Access adapter (originally, it was tied to all adapters but I removed those during the SMB troubleshooting); and TCP/IP to all three adapters. The TCP/IP->NIC binding has an IP address that allows it to speak directly to the ADSL modem, the other bindings are set to "Assign IP address automatically". TCP/IP->Extranet is set as the default protocol.

Capturing the traffic with Ethereal at the Extranet adapter has shed some light, but unfortunately only on why it is going wrong:

Regular traffic has the IP address assigned by the Contivity gateway as source. This is the TCP/IP->Extranet adapter binding. Traffic generated by SMB commands, OTOH, has the (static) IP address of the real NIC as source. This goes nowhere of course. Subsequently, I disconnected the MS networking client from all bindings but the TCP/IP->Extranet one. This resulted in no packets being sent on any interface on SMB commands, and Windows claims immediately that the computer is not hooked into any network. Nice...

Also, even with the MS client bound to the NIC, only DNS traffic is ever sent. W98 seems to default to DNS name resolution instead of WINS if DNS is turned on. With DNS off, no traffic is sent on SMB network commands either. So far, I have not detected any attempt at sending log-in credentials or WINS name resolution to any interface.

So, the question is: does anyone have a similar setup at work and has SMB working across the tunnel? If so, could you please, please let me know what the network settings look like?

Any lights into this darkness are much appreciated.

Welcome to IWETHEY!