Hello,
Thank you guys for the help. Unfortunately, I tried to
put LMHOST file, still doesn't work. We use WINS and I
can ping domain controller using name so I don't think
it's naming issue.
I used a sniffer captured some data, client is sending
logon request to domain controller but didn't get any
response. Looks like PIX blocks it. How do I open
it(port 137, 138, 139)?
Thanks in advance.
Jim
--- Scott Morris <[EMAIL PROTECTED]> wrote:
> Your problem is likely the propgation of
> broadcasts... Or lack thereof.
> One thing you can do (I'm assuming you have a router
> before (LAN-side) the
> PIX) is set up an ip-helper address to forward
> UDP-level broadcasts (like
> 138/139 Netbios) to the NT server.
>
> The other thing you can do is bypass that broadcast
> thought process by using
> LMHosts files on the workstations at the branch
> office. That will pre-load
> (if you use the #PRE designation) the NetBIOS cache
> and give you IP
> addresses to go to. So if you have IP reachability,
> things will work just
> fine then.
>
> In LMHOSTS. :
>
> (ip address) (Netbios name) #PRE #DOM:(domain name
> if domain controller)
>
> Also, to refresh without rebooting the PCs, "nbtstat
> -R"
>
> Hope this helps!
>
> Scott
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Bond
> Sent: Thursday, December 07, 2000 1:19 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: tough VPN question
>
>
> Hello,
>
> I'm trying to set up a IPSec between a PIX (branch
> office) and router (central office). All PCs at
> branch
> office share 1 ip address. IPSec seems to be working
> fine because clients can ping/telnet/email/map
> drives
> from/to central office. The problem is they can't
> logon NT domain. They can ping domain controller
> though.
>
> Any idea why they can't log on NT domain? (The
> machines were already added to domain)
>
> Thanks in advance.
>
>
> Jim
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Shopping - Thousands of Stores. Millions of
> Products.
> http://shopping.yahoo.com/
>
>
_______________________________________________________
> To unsubscribe from the CCIELAB list, send a message
> to
> [EMAIL PROTECTED] with the body containing:
> unsubscribe ccielab
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
