RE: Still doesn't work: tough VPN question

Dave Swink Mon, 22 Jan 2001 19:10:19 -0800
This site has the best info on LMHOSTS that I have found.  It helped me with
router to client VPNs.

http://home.att.net/~j.buchan/index.htm

Dave Swink

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Patrick Dooley
> Sent: Monday, January 22, 2001 2:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Still doesn't work: tough VPN question
>
>
> Are you sure the PDC has a route back to the VPN client?
>
> "Justin Menga" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi,
> >
> > Are you using NAT anywhere in the setup - NAT breaks some NetBIOS stuff,
> > particularly domain logons and NT trusts.
> >
> > NAT meaning are you referencing the DC by a false IP address, or by it's
> > valid address.
> >
> > If you are not using NAT, then forget about the IPSec, just
> think of it as
> a
> > router to router link.  You will be attempting to talk to the DC using
> > internal addressing, so really all that is required on the remote end is
> > that the WINS server entries are configured correctly OR a
> manual LMHOSTS
> > entry.
> >
> >
> >
> > -----Original Message-----
> > From: Jim Bond [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, December 08, 2000 6:30 PM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Still doesn't work: tough VPN question
> >
> >
> > Hello,
> >
> > Thank you guys for the help. Unfortunately, I tried to
> > put LMHOST file, still doesn't work. We use WINS and I
> > can ping domain controller using name so I don't think
> > it's naming issue.
> >
> > I used a sniffer captured some data, client is sending
> > logon request to domain controller but didn't get any
> > response. Looks like PIX blocks it. How do I open
> > it(port 137, 138, 139)?
> >
> > Thanks in advance.
> >
> >
> > Jim
> >
> > --- Scott Morris <[EMAIL PROTECTED]> wrote:
> > > Your problem is likely the propgation of
> > > broadcasts...  Or lack thereof.
> > > One thing you can do (I'm assuming you have a router
> > > before (LAN-side) the
> > > PIX) is set up an ip-helper address to forward
> > > UDP-level broadcasts (like
> > > 138/139 Netbios) to the NT server.
> > >
> > > The other thing you can do is bypass that broadcast
> > > thought process by using
> > > LMHosts files on the workstations at the branch
> > > office.  That will pre-load
> > > (if you use the #PRE designation) the NetBIOS cache
> > > and give you IP
> > > addresses to go to.  So if you have IP reachability,
> > > things will work just
> > > fine then.
> > >
> > > In LMHOSTS. :
> > >
> > > (ip address) (Netbios name) #PRE #DOM:(domain name
> > > if domain controller)
> > >
> > > Also, to refresh without rebooting the PCs, "nbtstat
> > > -R"
> > >
> > > Hope this helps!
> > >
> > > Scott
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Jim Bond
> > > Sent: Thursday, December 07, 2000 1:19 AM
> > > To: [EMAIL PROTECTED]
> > > Cc: [EMAIL PROTECTED]
> > > Subject: tough VPN question
> > >
> > >
> > > Hello,
> > >
> > > I'm trying to set up a IPSec between a PIX (branch
> > > office) and router (central office). All PCs at
> > > branch
> > > office share 1 ip address. IPSec seems to be working
> > > fine because clients can ping/telnet/email/map
> > > drives
> > > from/to central office. The problem is they can't
> > > logon NT domain. They can ping domain controller
> > > though.
> > >
> > > Any idea why they can't log on NT domain? (The
> > > machines were already added to domain)
> > >
> > > Thanks in advance.
> > >
> > >
> > > Jim
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Yahoo! Shopping - Thousands of Stores. Millions of
> > > Products.
> > > http://shopping.yahoo.com/
> > >
> > >
> > _______________________________________________________
> > > To unsubscribe from the CCIELAB list, send a message
> > > to
> > > [EMAIL PROTECTED] with the body containing:
> > > unsubscribe ccielab
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Shopping - Thousands of Stores. Millions of Products.
> > http://shopping.yahoo.com/
> >
> > _______________________________________________________
> > To unsubscribe from the CCIELAB list, send a message to
> > [EMAIL PROTECTED] with the body containing:
> > unsubscribe ccielab
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Still doesn't work: tough VPN question

Reply via email to
