Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
0
Helpful
2
Replies

Domain login problems on lan to lan vpn

luckeyday2
Level 1
Level 1

‎04-07-2004 10:28 AM - edited ‎02-20-2020 11:20 PM

I have two pix 501 firewalls that are connected as a VPN. I cant see the other network in network neighborhood. When I try to add a pc to the domain from the remote side I get an error. In 2000 it is network path unavailable and it windows 98 I get The domain password you supplied is incorrect or access to the login server has been denied. I checked technet and had Cisco look at it and they say it is a Microsoft issue. I just dont believe that. I can ping it with no problems. Please help.

0 Helpful
2 Replies 2

sergej.gurenko
Level 1
Level 1

‎04-08-2004 08:38 AM

It can be one of the folowing:

1. MTU issue

2. Windows name resolution issue (DNS & Wins)

3. NTLMv2 authentication on win98

Troubleshooting first case:

Try to investigate you maximum MTU with "ping -f -l 1300 remote_host" increasing packet size ( 1350, 1400, 1420, etc) until you get "fragmentation failed" error. After try to enforce MTU adjust on pix.

Second case:

If you have active directory you must have internal, active directory integrated DNS server. Add this DNS server address as a first to all remote site hosts.

Don’t forget to configure same domain name under "My Computer>Properties...>Network Identification>Properties>More...>Primary DNS suffix"

If you want to join Win95 configure Wins server on the server. Reconfigure server to use Wins by himself, Restart server (host are only registering names in wins during restart), configure client to use Wins.

On the same subnet there is usually no domain name resolution problems, because windows resolve names with NBT broadcasts. In you case broadcasts are blocked.

Please report on you success.

Third:

By default NTLM and more secure NTLMv2 autht are bouth allowed on win2000 domain controllers. But NTLM can be disabled for security.

Install active directory client for Win98 to enable NTLMv2 authentication. Client available somewhere on win2000 server CD.

0 Helpful

luckeyday2
Level 1
Level 1
In response to sergej.gurenko

‎04-14-2004 07:43 AM

It is a win nt server. So there is no active directory. I will try the other things. Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card