cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1246
Views
0
Helpful
15
Replies

Cannot get to NTServer although VPN is working

mburnford
Level 1
Level 1

I can set up a VPN from Cisco VPNClient3.0 to PIX506 v6.0(1) and then telnet to a UNIX host on 192.0.0.128, but I cannot get a logon dialog to the WindowsNT Server on 192.0.0.65. The UNIX, NT Server, and PIX inside interface are all on the same LAN 192.0.0.0.

I can ping the NT Server on 192.0.0.65 but how do I get a logon prompt to enter the domain?

Many thanks

Michael Burnford

15 Replies 15

travis-dennis_2
Level 7
Level 7

What OS is on the client?

The client runs Windows 2000 Professional. But - when it all works - there will be other clients running other OS like W98, NT4, 2000, XP Pro.

Michael

cjacinto
Cisco Employee
Cisco Employee

If your client is an NT server, you would not get a login prompt as NT/W2K uses the cached credentials to logon you on to the domain. See MS website for explanation of cached credentials. You see only the

domain login, on 95/98 machines. If you want to access resources on the domain, you could manually map to it using names (if Wins is working properly) or its ip address and if your credentials are not right, ie local credentials is diff than domain credentials, a login prompt would appear. The client comes with start before login feature, which basically runs the client as a service and logs you onto the VPN, and then to the domain.

Is the client PC already part of the domain? If so is it set up to prompt for a username/password and Domain? This is more a PC side function that VPN.

The client is Win2000Pro. It does have network access to the NT Server, and will give me the logon prompt with \\\ when accessing over the LAN. However, when using VPN (from home) I do not have LAN cable connected. The VPN works, I can ping the server by IP address, but the \\\ can't find the server share.

I have tried Start before logon, and most things I can think of. There is a route in the server to the PIX for the IP of the client (allocated from the IP Pool).

Although there is a Dial-up connection for the connection to the ISP, there is none for the connection inside the VPN tunnel. Does this have to be created before it will work? If so, how do I create a connectoid when it only exists when VPN is active? And anyway, the Telnet to the UNIX host on the LAN works even though there is no connectoid.

Thanks

Michael

Do you have the same problems when this PC is directly connected to the LAN? Try to ping by server name instead of ping "ipaddress" type ping and the name of the server you are trying to reach. Like if the server name was Marvin, from a command prompt type "ping marvin". Does this work? If not you have a name resolution issues and we can address that. If you can't do that let me know and as a head start find out how you are doing name resolution. WINS maybe?

When connected on the LAN it all works well. I can connect by name or IPaddress and get a logon dialog, and ping works with either. When connected through VPN I cannot connect with either ip or name ("The network path was not found"), but ping by IPaddress works. Ping by name does not ("Unknown host ").

Surely if the problem was name resolution it would still work with IPAddress?

Thanks

Michael

Ah-ha! I've just partially fixed it. The connectoid to the ISP did not have the Client for Microsoft Networking enabled (well you wouldn't normally want this to get to the Internet, so it is not enabled by default). Anyway, once enabled I get a logon dialog and can logon to the server.

There is still the issue of having to use the server ipaddress as the name is not being resolved. But I have put the server IP address as the WINS server, and it seem to work.

The next step is how to package all this up so I can send out one CD so remote client can install it all!

Still, so far so good. Thanks for your help.

Michael

Well I just wrote up a whole thing and you seem to be having the same problem as I am. I tried to do the same things (enable File Sharing) but it still doesn't seem to work. I don't use Wins on this LAN configuration that I have.

Do you have any other suggestions (look at my problem entitled XP VPN Client - Connected but Nothing else)

Thanks!

Its not "File Sharing" I changed, but "Client for Microsoft Networks". File sharing is to allow access to your client. I needed to allow my client to act as a client to a Microsoft Server. You probably must have networking installed to get the Client.

I'll look at your posting. Bye

Michael

Hello !

I'm having the same problem with the WINS enabled.

My client see all the LAN by IP address and can browse any PC shares but it cannot use WINS resolution. But che VPN CLient PC is registered on the WINS and other pc on the LAN can resolve its NETBIOS name. The VPN CLient PC has the WINS set up on the configuration... but still cannot resolve names :(

Any suggest , at least to debug this situation?

How can I check if it's a problem of the WINS client not working or the WINS server not responding his request?

(the wins server is on a different IP subnet)

thanks

Alex

try to ping by name "ping pcname" and see what happens. Make sure that Client for MS Networks" and File and Print Sharing are turned on.

What about if I don't have a WINS server? Shouldn't I be able to map a drive using IP address?

Since I can't, what can I do to try and figure out why I don't. (I have the client for Microsoft Network on there with File Sharing enabled)...

Thanks!

Another easy way to resolve this issue is to use a hosts file and put the entry for that server in there. hosts files are not a very flexable solution but it does work. now when you "ping servername" it should go. Still need wins though to access server shares i believe. But give it a try anyhow and let me know if it works.