Your problem is likely the propagation of broadcasts...  Or lack thereof.
One thing you can do (I'm assuming you have a router before (LAN-side) the
PIX) is set up an ip-helper address to forward UDP-level broadcasts (like
138/139 Netbios) to the NT server.

The other thing you can do is bypass that broadcast thought process by using
LMHosts files on the workstations at the branch office.  That will pre-load
(if you use the #PRE designation) the NetBIOS cache and give you IP
addresses to go to.  So if you have IP reachability, things will work just
fine then.

In LMHOSTS:

(ip address) (Netbios name) #PRE #DOM:(domain name if domain controller)

Also, to refresh without rebooting the PCs, "nbtstat -R"

Hope this helps!

Scott

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Bond
Sent: Thursday, December 07, 2000 1:19 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: tough VPN question


Hello,

I'm trying to set up an IPSec between a PIX (branch
office) and router (central office). All PCs at branch
office share 1 ip address. IPSec seems to be working
fine because clients can ping/telnet/email/map drives
from/to central office. The problem is they can't
log on to the NT domain. They can ping the domain controller
though.

Any idea why they can't log on to the NT domain? (The
machines were already added to the domain)

Thanks in advance.


Jim


_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
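
Added example, not part of the original messages: a small Python linter for the LMHOSTS entry format given in the reply above, `(ip address) (NetBIOS name) #PRE #DOM:(domain)`. These entries statically pin where branch workstations send logon traffic, so it flags ones that would not behave as intended. The function name, the sample addresses and the names are constructed; only the `#PRE` and `#DOM:` keywords are modelled.

```python
import ipaddress
import re

# "(ip address) (NetBIOS name)", name bare or double-quoted, then tags/comment
ENTRY = re.compile(r'^(\S+)\s+("[^"]*"|[^\s#]+)(.*)$')

SAMPLE = """\
# constructed sample using documentation addresses and made-up names
192.0.2.10   PDC01                  #PRE #DOM:CORP
192.0.2.11   BDC01                  #DOM:CORP
192.0.2.300  FILESRV                #PRE
192.0.2.12   AVERYLONGSERVERNAME01  #PRE
192.0.2.13   PRINT01                #pre
"""

def lint_lmhosts(text):
    """Parse LMHOSTS text; return (entries, findings)."""
    entries, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or block directive (not modelled)
        m = ENTRY.match(line)
        if not m:
            findings.append((n, "not an '(ip address) (NetBIOS name)' entry"))
            continue
        ip, name, rest = m.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((n, "invalid IPv4 address"))
            continue
        name, pre, dom = name.strip('"'), False, None
        for tok in rest.split():
            if tok == "#PRE":
                pre = True
            elif tok.startswith("#DOM:"):
                dom = tok[5:]
            else:  # anything else starts a trailing comment
                if tok.upper() == "#PRE" or tok.upper().startswith("#DOM:"):
                    findings.append((n, "keyword not upper case as on the page; ignored"))
                break
        # a NetBIOS name is 15 characters plus a type byte (\0xNN in quoted names)
        if len(re.sub(r"\\0x[0-9A-Fa-f]{2}", "", name)) > 15:
            findings.append((n, "NetBIOS name longer than 15 characters"))
        if dom and not pre:
            findings.append((n, "#DOM entry without #PRE is not preloaded"))
        entries.append({"ip": ip, "name": name, "pre": pre, "dom": dom})
    return entries, findings
```

Calling `lint_lmhosts(SAMPLE)` returns four parsed entries and one finding each for lines 3 to 6 of the sample.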
