workaround for vpnClient + PIX + microsoft

agurekian
Level 1

Hi all.

I had a lot of trouble while trying to configure Windows VPN clients to connect to an internal network through a PIX.

W98 clients could not authenticate on the Microsoft domain, while W2000 clients authenticated themselves and therefore accessed the network resources, but still could not browse the internal network the way they did while on the LAN.

An almost identical configuration was working in other sites.

Finally, removing the PCMCIA-Ethernet, disabling the Network Card or changing its IP address solved the problem.

I managed to authenticate with W98, and browsing the internal resources worked just fine. (W2000 is still under testing.)

The intranet was 10.0.0.0/16, and my NIC was configured for 10.0.0.x/24.

I guess the PC tries to reach the WINS server (and get information about the PDC) through the Ethernet NIC, unless it is disabled or on a different subnet (that was the case with the other working sites).

The VPN clients were DHCP clients, but they retained the IP address even after a restart.

We had to give an "ipconfig /release" command to let the VPN work properly.

A script that launches that command first and then opens the VPN client seems to be a solution, but actually it is just a workaround.

I don't know if anyone already solved that problem in some other way.

I could not find anything better than this while searching on the internet or in the docs.

I'd like a more elegant solution, though.

Any suggestions?

Ciao :)

Aram Gurekian - alter.net srl

PS: please note that the name "INTERNET & MULTIMEDIA" at the right of my name in the post headers is *incorrect*. I don't seem to be able to change it without losing something somewhere else. Any Cisco web-programmer listening?!? :))

1 Reply

gfullage
Cisco Employee

This is a Microsoft issue: it will always send the packet out the NIC if it has the same network address as what you're trying to get to over the tunnel. There's no way around it other than removing the IP address off the NIC (or changing the address to be something different).

See http://www.cisco.com/warp/public/471/ms_route.html (which has links to MS articles describing this behaviour)
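The routing behaviour described in the thread (the NIC's own subnet beating the tunnel route for hosts inside it, and why releasing or renumbering the NIC fixes it) is a longest-prefix-match decision. The following is an added illustration, not code from the original posts or from Cisco or Microsoft: it models the host's routing table in plain Python and shows which interface each destination would leave by. The intranet prefix 10.0.0.0/16 and the NIC on 10.0.0.x/24 come from the thread; the concrete host addresses (10.0.0.77, 192.168.1.77, a WINS/PDC at 10.0.0.10, a file server at 10.0.5.20) are constructed assumptions for the example.

```python
"""Longest-prefix-match model of the NIC-versus-tunnel routing clash.

Added example; addresses below are constructed, not taken from the thread.
"""
import ipaddress

# Constructed example addresses (assumptions for illustration).
NIC_ADDR_CLASH = "10.0.0.77/24"   # laptop NIC sitting inside the intranet prefix
NIC_ADDR_OK = "192.168.1.77/24"   # NIC at the sites where the VPN worked
INTRANET = "10.0.0.0/16"          # route the VPN client installs for the tunnel
WINS_PDC = "10.0.0.10"            # WINS/PDC living in the overlapping /24
FILE_SERVER = "10.0.5.20"         # another intranet host outside that /24


def routing_table(nic_cidr, tunnel_cidr):
    """Routes the host would hold: a default route and the connected subnet
    on the NIC, plus the tunnel prefix on the VPN adapter.
    nic_cidr=None models the NIC after 'ipconfig /release' or being disabled
    (no connected route, no default route out the NIC)."""
    table = []
    if nic_cidr is not None:
        table.append((ipaddress.ip_network("0.0.0.0/0"), "NIC"))
        table.append((ipaddress.ip_network(nic_cidr, strict=False), "NIC"))
    if tunnel_cidr is not None:
        table.append((ipaddress.ip_network(tunnel_cidr), "VPN"))
    return table


def egress(table, dst):
    """Pick the interface for dst by longest-prefix match, as any IP stack
    (Windows included) does: among routes that cover dst, the most specific
    prefix wins. A /16 tunnel route can never beat the NIC's /24 for hosts
    inside that /24. Returns None when nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def shadowed_by_nic(nic_cidr, tunnel_cidr):
    """Pre-connect check: True if the NIC's connected subnet lies inside (or
    equals) the tunnel prefix, i.e. every host in that subnet will be sent
    out the NIC instead of the VPN while the NIC keeps that address."""
    nic = ipaddress.ip_network(nic_cidr, strict=False)
    tun = ipaddress.ip_network(tunnel_cidr)
    return nic.overlaps(tun) and nic.prefixlen >= tun.prefixlen


if __name__ == "__main__":
    scenarios = (
        ("NIC on 10.0.0.x/24 (broken laptop)", NIC_ADDR_CLASH),
        ("after ipconfig /release", None),
        ("NIC on 192.168.1.x/24 (working sites)", NIC_ADDR_OK),
    )
    for label, nic in scenarios:
        table = routing_table(nic, INTRANET)
        print(f"{label}: WINS/PDC {WINS_PDC} -> {egress(table, WINS_PDC)}, "
              f"file server {FILE_SERVER} -> {egress(table, FILE_SERVER)}")
    print("NIC shadows tunnel? clash:", shadowed_by_nic(NIC_ADDR_CLASH, INTRANET),
          " ok:", shadowed_by_nic(NIC_ADDR_OK, INTRANET))
```

With the NIC on 10.0.0.x/24 the WINS/PDC lookup leaves by the NIC while the file server in 10.0.5.0/24 still goes through the tunnel, which matches the symptom of authenticating but not browsing. Removing the NIC's address (or putting it on 192.168.1.x) sends both over the VPN. The `shadowed_by_nic` check is what a pre-connect script could run before deciding whether the `ipconfig /release` workaround is needed at all.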
