Are you sure the PDC has a route back to the VPN client?

"Justin Menga" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> Are you using NAT anywhere in the setup - NAT breaks some NetBIOS stuff,
> particularly domain logons and NT trusts.
>
> NAT meaning are you referencing the DC by a false IP address, or by its
> valid address.
>
> If you are not using NAT, then forget about the IPSec, just think of it as a
> router to router link.  You will be attempting to talk to the DC using
> internal addressing, so really all that is required on the remote end is
> that the WINS server entries are configured correctly OR a manual LMHOSTS
> entry.
>
>
>
> -----Original Message-----
> From: Jim Bond [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 08, 2000 6:30 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Still doesn't work: tough VPN question
>
>
> Hello,
>
> Thank you guys for the help. Unfortunately, I tried to
> put LMHOST file, still doesn't work. We use WINS and I
> can ping domain controller using name so I don't think
> it's naming issue.
>
> I used a sniffer and captured some data; the client is sending
> a logon request to the domain controller but didn't get any
> response. Looks like the PIX blocks it. How do I open
> it (ports 137, 138, 139)?
>
> Thanks in advance.
>
>
> Jim
>
> --- Scott Morris <[EMAIL PROTECTED]> wrote:
> > Your problem is likely the propagation of
> > broadcasts...  Or lack thereof.
> > One thing you can do (I'm assuming you have a router
> > before (LAN-side) the
> > PIX) is set up an ip-helper address to forward
> > UDP-level broadcasts (like
> > 138/139 Netbios) to the NT server.
> >
> > The other thing you can do is bypass that broadcast
> > thought process by using
> > LMHosts files on the workstations at the branch
> > office.  That will pre-load
> > (if you use the #PRE designation) the NetBIOS cache
> > and give you IP
> > addresses to go to.  So if you have IP reachability,
> > things will work just
> > fine then.
> >
> > In LMHOSTS:
> >
> > (ip address) (Netbios name) #PRE #DOM:(domain name if domain controller)
> >
> > Also, to refresh without rebooting the PCs, "nbtstat -R"
> >
> > Hope this helps!
> >
> > Scott
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jim Bond
> > Sent: Thursday, December 07, 2000 1:19 AM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: tough VPN question
> >
> >
> > Hello,
> >
> > I'm trying to set up an IPSec between a PIX (branch
> > office) and router (central office). All PCs at
> > branch
> > office share 1 ip address. IPSec seems to be working
> > fine because clients can ping/telnet/email/map
> > drives
> > from/to central office. The problem is they can't
> > logon NT domain. They can ping domain controller
> > though.
> >
> > Any idea why they can't log on NT domain? (The
> > machines were already added to domain)
> >
> > Thanks in advance.
> >
> >
> > Jim
> >
> > _______________________________________________________
> > To unsubscribe from the CCIELAB list, send a message
> > to
> > [EMAIL PROTECTED] with the body containing:
> > unsubscribe ccielab
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]


_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
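
The LMHOSTS entry format quoted in this thread (`(ip address) (Netbios name) #PRE #DOM:(domain name)`), checked by a small linter. This is an added example, not part of the original messages; the addresses, host names and the domain `CORP` are constructed, and it handles unquoted names only.

```python
import ipaddress

# Constructed sample file: addresses, names and the domain are placeholders.
SAMPLE = """\
# branch office LMHOSTS
192.0.2.10   PDC01    #PRE #DOM:CORP   # preloaded domain controller entry
192.0.2.11   BDC01    #DOM:CORP
192.0.2.300  FILESRV  #PRE
192.0.2.12   AVERYLONGSERVERNAME  #PRE
"""

def parse_line(line):
    """Return (ip, name, tags) for an entry line, or None for blank/comment lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    ip = tokens[0]
    name = tokens[1] if len(tokens) > 1 else ""
    tags = []
    for tok in tokens[2:]:
        if tok != "#PRE" and not tok.startswith("#DOM:"):
            break  # anything else begins a trailing comment
        tags.append(tok)
    return ip, name, tags

def lint(text):
    """Return a list of (line_number, message) findings for an LMHOSTS file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue
        ip, name, tags = entry
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((n, f"invalid IPv4 address {ip!r}"))
        # A NetBIOS name is 16 bytes; the 16th is the service suffix.
        if not 1 <= len(name) <= 15:
            findings.append((n, f"NetBIOS name {name!r} must be 1-15 characters"))
        if any(t.startswith("#DOM:") for t in tags) and "#PRE" not in tags:
            findings.append((n, "#DOM entry lacks #PRE, so it is not preloaded"))
        if "#DOM:" in tags:
            findings.append((n, "#DOM: has no domain name"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```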
