This is true by default - except for IP address, all network settings are
mirrored from the R/RAS server.
The registry can be modified to supply different network settings, however...
That, too, is in the TechNet KB.
| -----Original Message-----
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]]On Behalf Of Borod, Christopher
| Sent: Tuesday, October 19, 1999 2:20 PM
| To: 'Ben Nagy'; 'Lisa Napier'; Jean Morissette; firewalls@lists.gnac.net
| Subject: RE: MS PPTP and PIX
|
|
| I'll try to add some to this.... It almost certainly is NOT the Pix.... Had
| this very problem with Bay/Nortel dial-in server using dhcp. Win 95 and 98
| clients could connect, but NT could not...
|
| Seems RAS hands out only the IP address from DHCP, the rest comes from RAS
| whether you like it or not........ check the technet for details.....
|
| ChrisB
|
| -----Original Message-----
| From: Ben Nagy [mailto:[EMAIL PROTECTED]]
| Sent: Sunday, October 17, 1999 8:20 PM
| To: 'Lisa Napier'; Jean Morissette; firewalls@lists.gnac.net
| Subject: RE: MS PPTP and PIX
|
|
| Thanks, Lisa.
|
| Always good to get a non solution. ;)
|
| Juuuust kidding.
|
| J-M - this doesn't look like a PIX problem, and I'd avoid screwing with it
| or implying to the customer that it's the culprit - (I suspect that) you'll
| just look dumb later. If you can make a successful PPTP connection and
| transfer _any_ packets then the problem is almost certainly one of the NT
| boxen.
|
| Here are a few ideas...
|
| When you make a PPTP connection, just like any VPN, it's like connecting
| another network interface to your box. This means that you need to make sure
| that the routes aren't screwed up, for one thing. MS thoughtfully have the
| default option for PPTP set so that the PPTP connection becomes the default
| route - this is often bad.
|
| Secondly, just because you have a new interface, doesn't mean that the NT
| box knows where on the new network to go to authenticate - troubleshoot this
| just as a normal "can't find domain controller" problem.
|
| Finally, I'm not sure how you "setup NetBIOS" - do you mean NetBEUI?
| AFAIK you can't talk NT _out_ of enabling NetBIOS - if you pare down your
| protocols to TCP/IP it will enable NetBIOS over TCP (NetBT or NetBIOS
| Transport) automatically. If you've gotten it not to, then tell me how!
|
| One more question -
|
| > >If I setup netbios on the VPN client (and PPTP/RAS server), users can
| > >connect and authenticate and do whatever they can/allowed.
|
| if you have a situation that works, what's the problem?
|
| Cheers,
|
| --
| Ben Nagy
| Network Consultant, CPM&S Group of Companies
| PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
|
| > -----Original Message-----
| > From: Lisa Napier [mailto:[EMAIL PROTECTED]]
| > Sent: Saturday, 16 October 1999 10:37 AM
| > To: Jean Morissette; firewalls@lists.gnac.net
| > Subject: Re: MS PPTP and PIX
| >
| >
| > Hi all,
| >
| > Afraid I don't have much information to help solve the problem. I do know
| > that I've seen sites using PPTP through the PIX, both with and without NAT
| > configured. In fact, the PIX documentation; Command Reference, 'Conduit
| > command' has an example specific to PPTP.
| >
| > Apologies, I'm not sure what the other issues may be with the PPTP
| > setup. But it does, and can work through the PIX.
| >
| > Thanks,
| >
| > Lisa Napier
| > Product Security Incident Response Team
| > Cisco Systems
| >
| >
| > At 09:23 AM 10/15/1999 -0400, Jean Morissette wrote:
| > >I am posting here because I believe my problem is at the PIX and something
| > >about NAT!
| > >
| > >I was called by a client to troubleshoot this problem:
| > >
| > >remote user (DUN/PPTP VPN)----Internet---Cisco router----PIX
| > >firewall----PPTPserver(NT 4.0 sp4) with VPN.(in a secure network)
| > >
| > >If I setup netbios on the VPN client (and PPTP/RAS server), users can
| > >connect and authenticate and do whatever they can/allowed.
| > >
| > >If I use TCP/IP, users can connect but can not authenticate. If I look at
| > >the client's TCP/IP setting (NT w/s) with ipconfig the NDISWANx (or
| > >whatever) gives me an IP address with the default gateway equal to its own
| > >IP address (ras client should get all the config from the RAS server (RAS is
| > >setup to allow the RAS clients to get config. info from the DHCP server)). So
| > >bottom line is I can not ping inside the secure network. But I can ping the
| > >public IP address of the PPTP server (So that would be the address before
| > >the PIX does NAT, right??). So what is going on at the cisco routers or
| > >PIX. I did not look at the router and PIX config, YET. The client is
| > >supposed to have experts who manage those things, he called me because in
| > >the past I always fixed his problems. He confirmed with me that GRE packets
| > >and tcp port 1723 are allowed/opened.
| > >
| > >Any ideas?
| > >
| > >Jean
| > >
| > >-
| > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
| > >"unsubscribe firewalls" in the body of the message.]
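Ben Nagy's point in the quoted reply, that a PPTP connection behaves like another network interface and by default becomes the default route, can be checked against a route table. This is an added example, not part of the original thread: it models route selection (longest prefix, then lowest metric) over constructed tables, and the interface names, addresses and the `egress`/`audit` helpers are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    iface: str
    metric: int

def route(dest, iface, metric):
    return Route(ipaddress.ip_network(dest), iface, metric)

def egress(table, dst):
    """Interface chosen for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r.dest]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r.dest.prefixlen, r.metric)).iface

def audit(table, inside_hosts, outside_hosts, tunnel="pptp"):
    """Flag inside hosts that miss the tunnel and outside hosts pulled into it."""
    findings = []
    for h in inside_hosts:
        if egress(table, h) != tunnel:
            findings.append(f"{h}: inside host not routed via {tunnel}")
    for h in outside_hosts:
        if egress(table, h) == tunnel:
            findings.append(f"{h}: Internet traffic routed via {tunnel}")
    return findings

# Constructed tables for a dial-up client (all addresses are sample values).
PPTP_SERVER = "203.0.113.10"              # public address of the PPTP server
DIALUP_ONLY = [route("0.0.0.0/0", "dialup", 1)]
# Tunnel up, default-gateway option on: new default route with a better metric.
TUNNEL_AS_DEFAULT = [
    route("0.0.0.0/0", "pptp", 1),
    route("0.0.0.0/0", "dialup", 2),
    route(f"{PPTP_SERVER}/32", "dialup", 1),  # tunnel's own packets stay outside it
]
# Tunnel up, option off: only the assigned address's network goes to the tunnel.
TUNNEL_SUBNET_ONLY = [
    route("0.0.0.0/0", "dialup", 1),
    route("10.1.1.0/24", "pptp", 1),
]
INSIDE = ["10.1.1.5", "10.2.0.5"]   # second host: e.g. a DC on another inside subnet
OUTSIDE = ["198.51.100.7"]

if __name__ == "__main__":
    for name, table in [("default via tunnel", TUNNEL_AS_DEFAULT),
                        ("subnet route only", TUNNEL_SUBNET_ONLY)]:
        print(name, audit(table, INSIDE, OUTSIDE))
```

With the tunnel as default route, Internet-bound traffic is pulled into the tunnel; with only the subnet route, an inside host on a second subnet (such as a domain controller) is sent out the dial-up link instead.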