I can set up a VPN from Cisco VPNClient3.0 to PIX506 v6.0(1) and then telnet to a UNIX host on 220.127.116.11, but I cannot get a logon dialog to the WindowsNT Server on 18.104.22.168. The UNIX, NT Server, and PIX inside interface are all on the same LAN 192.0.0.0.
I can ping the NT Server on 22.214.171.124 but how do I get a logon prompt to enter the domain?
The client runs Windows 2000 Professional. But - when it all works - there will be other clients running other OS like W98, NT4, 2000, XP Pro.
If your client is an NT server, you would not get a login prompt as NT/W2K uses the cached credentials to logon you on to the domain. See MS website for explanation of cached credentials. You see only the
domain login, on 95/98 machines. If you want to access resources on the domain, you could manually map to it using names (if Wins is working properly) or its ip address and if your credentials are not right, ie local credentials is diff than domain credentials, a login prompt would appear. The client comes with start before login feature, which basically runs the client as a service and logs you onto the VPN, and then to the domain.
Is the client PC already part of the domain? If so is it set up to prompt for a username/password and Domain? This is more a PC side function that VPN.
The client is Win2000Pro. It does have network access to the NT Server, and will give me the logon prompt with \\
I have tried Start before logon, and most things I can think of. There is a route in the server to the PIX for the IP of the client (allocated from the IP Pool).
Although there is a Dial-up connection for the connection to the ISP, there is none for the connection inside the VPN tunnel. Does this have to be created before it will work? If so, how do I create a connectoid when it only exists when VPN is active? And anyway, the Telnet to the UNIX host on the LAN works even though there is no connectoid.
Do you have the same problems when this PC is directly connected to the LAN? Try to ping by server name instead of ping "ipaddress" type ping and the name of the server you are trying to reach. Like if the server name was Marvin, from a command prompt type "ping marvin". Does this work? If not you have a name resolution issues and we can address that. If you can't do that let me know and as a head start find out how you are doing name resolution. WINS maybe?
When connected on the LAN it all works well. I can connect by name or IPaddress and get a logon dialog, and ping works with either. When connected through VPN I cannot connect with either ip or name ("The network path was not found"), but ping by IPaddress works. Ping by name does not ("Unknown host
Surely if the problem was name resolution it would still work with IPAddress?
Ah-ha! I've just partially fixed it. The connectoid to the ISP did not have the Client for Microsoft Networking enabled (well you wouldn't normally want this to get to the Internet, so it is not enabled by default). Anyway, once enabled I get a logon dialog and can logon to the server.
There is still the issue of having to use the server ipaddress as the name is not being resolved. But I have put the server IP address as the WINS server, and it seem to work.
The next step is how to package all this up so I can send out one CD so remote client can install it all!
Still, so far so good. Thanks for your help.
Well I just wrote up a whole thing and you seem to be having the same problem as I am. I tried to do the same things (enable File Sharing) but it still doesn't seem to work. I don't use Wins on this LAN configuration that I have.
Do you have any other suggestions (look at my problem entitled XP VPN Client - Connected but Nothing else)
Its not "File Sharing" I changed, but "Client for Microsoft Networks". File sharing is to allow access to your client. I needed to allow my client to act as a client to a Microsoft Server. You probably must have networking installed to get the Client.
I'll look at your posting. Bye
I'm having the same problem with the WINS enabled.
My client see all the LAN by IP address and can browse any PC shares but it cannot use WINS resolution. But che VPN CLient PC is registered on the WINS and other pc on the LAN can resolve its NETBIOS name. The VPN CLient PC has the WINS set up on the configuration... but still cannot resolve names :(
Any suggest , at least to debug this situation?
How can I check if it's a problem of the WINS client not working or the WINS server not responding his request?
(the wins server is on a different IP subnet)
try to ping by name "ping pcname" and see what happens. Make sure that Client for MS Networks" and File and Print Sharing are turned on.
What about if I don't have a WINS server? Shouldn't I be able to map a drive using IP address?
Since I can't, what can I do to try and figure out why I don't. (I have the client for Microsoft Network on there with File Sharing enabled)...
Another easy way to resolve this issue is to use a hosts file and put the entry for that server in there. hosts files are not a very flexable solution but it does work. now when you "ping servername" it should go. Still need wins though to access server shares i believe. But give it a try anyhow and let me know if it works.