MS Windows Domains and VPN

anthony.f
Level 1

Hi. Currently, we have VPN connectivity via IPSec and PPTP. However, the precise procedure one must follow so that a MS-DOMAIN can be browsed after attaching to the VPN is still a mystery here. Can you point us in the right direction?

Thanks!!

6 Replies

mostiguy
Level 6

You need to use WINS. The death of WINS and the ascent of DNS is greatly overrated for those who still seek to use Network Neighborhood. You basically want a WINS server in each site, and configure replication between WINS servers.

Thanks!!

In between the time of the original post and your reply we added WINS. I'm not a Windows guru but I think it may have something to do with the current Windows security policy and the settings relayed to the VPN client depending on whether the user logs into the domain or not. Is there a short checklist of what one must do to ensure Network Neighborhood browsing, as this still seems to be a problem? Now, sometimes it works, sometimes it doesn't, and we're desperately looking for the common denominator... Thanks!!!

WINS is somewhat of a hack, as is the whole Network Neighborhood population business. Only machines offering shared resources should appear in the browse list. For any Win9x/ME clients, you will almost assuredly want to configure them to be in a workgroup with the same name as the NetBIOS domain name of your domain.

How Milan is achieving browsing without WINS, I am fairly mystified, provided they are *not* using LMHOSTS files (do a more %systemroot%\system32\drivers\etc\LMHOSTS - out of the box there is none, and only a .SAM sample). Without WINS, your browse lists should be segmented by broadcast domains, i.e.:

matt, the vpn user, sees nothing

bob, the server admin, sees server[1-10] in his network neighborhood, because the servers are on their own subnet 192.168.0.0/24

sue, the end user, sees pc[1-200] in her network neighborhood because the standard desktop image has file and print sharing enabled because the admins need to hit boxes with the c$ share, etc.

http://www.cisco.com/warp/public/471/vpn-net-hood.html

is worth a look

Hi,

I'm not using WINS and browsing works fine (See http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eeaf8e6)

But I'd also like to know the exact procedure by which it works.

Does anybody know of any documentation describing the details?

Regards,

Milan

Unfortunately, I am unfamiliar with the procedure. However, an engineer showed me a check box in the PDM interface that "cured" this issue. Hmm. Of course, I forgot where it was and prefer to do everything via command line. That said, I, too, am curious as to the "rules" for the Windows Domain access "setup" procedure on the PIX (my original post). Anyone???

Hi,

Would you please ask the engineer to show you the check box once again?

I think I've tried all possible check boxes and haven't found the one which would "cure" MS browsing.

The only one I can imagine is "Bypass access check for IPSec and L2TP traffic" (i.e. sysopt connection permit-ipsec in the config) but it should only permit all IPSec traffic, not MS browsing.

Regards,

Milan