Site to Site VPN and Windows 2000 Domain issue's

b.joanis
Level 1

I have a site-to-site VPN between a PIX 501 and a 1760 router. I have an odd situation that I have encountered and I am looking for input. The VPN tunnel comes up successfully on both sides. I can ping across the tunnel successfully. I can also issue the command:

telnet 192.168.1.10 25 with success.

Unfortunately, when I attempt to map a drive or attach to the 2000 domain I receive one of three scenarios: it will time out, it will prompt me for a password which I enter but it does not accept it, or the remote system times out.

The access-lists on both sides of the tunnel permit all IP and UDP traffic. The remote 1760 has the FW feature set; I have disabled this, still no luck. Any ideas would be greatly appreciated.

4 Replies

Patrick Iseli
Level 7

Browsing will not work because it uses broadcasts.

A "net use" should work, and also a "find computer", if you have a WINS server configured or you have an LMHOSTS file defined.

See the link below:

Configuring PIX to Allow Remote Access to Shared Folders on an NT Domain. The issue in an IOS Firewall is basically the same.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801ab781.shtml

Net use should look like this:

net use s: \\192.1.1.1\myshare /USER:Domain\username

Hope it helps.

Patrick
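As an added check to go with the advice above (example code, not from the original thread or from Cisco): the script below probes from the remote site what a "net use" against the central DC actually needs across the tunnel, rather than relying on ping. It sends a NetBIOS node status (NBSTAT) query over UDP/137 to the DC, which works without broadcasts and without WINS, and lists the names the DC has registered (the <1C> group name is what domain logon looks for, <20> is the file server service). It also tries a TCP connect to the other ports a Windows 2000 domain member uses. The DC address, the port list and the sample reply used to exercise the parser offline are all assumptions; the NBNS framing follows RFC 1001/1002.

```python
"""Added example: NBSTAT query plus TCP port probe against a DC across the tunnel (not from the thread)."""
import socket
import struct

NBNS_PORT = 137              # NetBIOS Name Service, UDP
NBSTAT = 0x0021              # node status query type (RFC 1002)
DC_ADDRESS = "192.168.1.10"  # assumed: the DC the poster reaches with telnet on port 25

# Assumed list of TCP services a Windows 2000 domain member talks to on a DC.
DOMAIN_TCP_PORTS = {88: "Kerberos", 135: "RPC endpoint mapper", 139: "NetBIOS session (SMB)",
                    389: "LDAP", 445: "SMB over TCP (direct host)"}
# Meaning of the 16th (suffix) byte of a registered NetBIOS name.
SUFFIX_MEANING = {0x00: "workstation service", 0x1B: "domain master browser",
                  0x1C: "domain controllers", 0x20: "file server service"}


def encode_nb_name(name: bytes) -> bytes:
    """First-level encode a 16-byte NetBIOS name into one 32-char label (RFC 1001 section 14.1)."""
    label = bytearray()
    for b in name.ljust(16, b"\x00")[:16]:
        label.append(0x41 + (b >> 4))      # high nibble + 'A'
        label.append(0x41 + (b & 0x0F))    # low nibble + 'A'
    return bytes([32]) + bytes(label) + b"\x00"


def build_node_status_query(txid: int = 0x1234) -> bytes:
    """Wildcard ('*') node status request: 12-byte header, question name, QTYPE=NBSTAT, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_nb_name(b"*") + struct.pack("!HH", NBSTAT, 1)


def parse_node_status_response(data: bytes, expected_txid=None):
    """Return the names registered on the responder as a list of dicts."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000 or an < 1:
        raise ValueError("not an NBNS response carrying an answer")
    off = 12
    while data[off] != 0:                 # skip the uncompressed answer name labels
        off += 1 + data[off]
    off += 1
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError("answer is not NBSTAT")
    count, off = data[off], off + 1
    names = []
    for _ in range(count):                # NODE_NAME entries: 15-char name, suffix, 2 flag bytes
        raw, suffix = data[off:off + 15], data[off + 15]
        name_flags = struct.unpack("!H", data[off + 16:off + 18])[0]
        names.append({"name": raw.rstrip(b" ").decode("ascii", "replace"), "suffix": suffix,
                      "service": SUFFIX_MEANING.get(suffix, "other"),
                      "group": bool(name_flags & 0x8000)})   # G bit: group name
        off += 18
    return names


def build_node_status_response(txid: int, names) -> bytes:
    """Reply of the shape a DC sends; used here only to exercise the parser offline."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)   # response, authoritative
    rdata = bytes([len(names)])
    for name, suffix, group in names:
        flags = (0x8000 if group else 0) | 0x0400               # ACT bit: name is active
        rdata += name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack("!H", flags)
    rdata += b"\x00\x0c\x29\x00\x00\x01" + b"\x00" * 40          # unit id (MAC) + zeroed statistics
    return header + encode_nb_name(b"*") + struct.pack("!HHIH", NBSTAT, 1, 0, len(rdata)) + rdata


def query_node_status(host: str, timeout: float = 3.0):
    """Send the NBSTAT query over UDP/137 and parse the reply (needs the tunnel up)."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_query(txid), (host, NBNS_PORT))
        data, _ = s.recvfrom(1024)
    return parse_node_status_response(data, txid)


def check_tcp_ports(host: str, ports=DOMAIN_TCP_PORTS, timeout: float = 3.0):
    """Return {port: reachable} from a plain TCP connect to each domain service port."""
    result = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            result[port] = s.connect_ex((host, port)) == 0
    return result


if __name__ == "__main__":
    for port, ok in check_tcp_ports(DC_ADDRESS).items():
        print(f"tcp/{port:<4} {DOMAIN_TCP_PORTS[port]:<28} {'open' if ok else 'blocked or timed out'}")
    try:
        for e in query_node_status(DC_ADDRESS):
            print(f"udp/137 {e['name']}<{e['suffix']:02X}> {'group' if e['group'] else 'unique'} {e['service']}")
    except (socket.timeout, ValueError) as exc:
        print(f"udp/137 node status failed: {exc}")
```

If the node status query times out while ping and telnet succeed, name service is not getting through even though "all IP and UDP" is permitted, and that is where to look before touching credentials; if tcp/139 or tcp/445 connects but the mapping still hangs, the problem is past the access-lists.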

mostiguy
Level 6

What is each side using for DNS servers? Are there domain controllers, WINS servers and DNS servers in each physical site?

The remote site is using a split tunnel set-up. The remote site is using the central site's DNS server and WINS server. I have tested this by performing an NS lookup, and the remote site successfully uses the central site's servers for name resolution. All of the servers, domain controllers etc. are physically located in the same building and the same IP subnet: 192.168.1.0/24

Start debugging using the PIX "capture" command. Check if there is a response from the server, if there are dropped packets, and the hit counts in the access-list on the PIX and on the router. Put a network analyzer on the router side.

Check the routing tables on the servers and try adding a route manually on the domain controller for the remote network, to see if that helps.

Traceroute and ping the remote servers and workstations. Of course, open ICMP (ping and traceroute) in the PIX and router access-lists.

Sincerely,

Patrick
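For the hit-count check suggested above, here is an added example (not from the thread or from Cisco) that reads the counters out of PIX "show access-list" output and IOS "show ip access-lists" output and lists the entries that never matched. The two line shapes it expects, "(hitcnt=N)" on the PIX and "(N matches)" on IOS with the parenthetical absent when the count is zero, are as I recall them from those platforms; the sample output embedded below is constructed, not captured from the poster's devices.

```python
"""Added example: pull hit counts from PIX / IOS access-list output and flag entries with zero hits."""
import re

# PIX 6.x style entry: "access-list NAME permit ... (hitcnt=N)"
PIX_ENTRY = re.compile(r"^(?P<rule>access-list\s+\S+\s+.*?)\s+\(hitcnt=(?P<hits>\d+)\)")
# IOS style entry: "    10 permit ... (N matches)"; no parenthetical when the count is zero
IOS_ENTRY = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<rule>(?:permit|deny)\s.*?)(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$")

# Constructed sample output for a PIX and a router at the two ends of the tunnel.
PIX_SAMPLE = """\
access-list outside_in permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=48)
access-list outside_in permit udp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0)
access-list outside_in permit icmp any any (hitcnt=12)
"""
IOS_SAMPLE = """\
Extended IP access list 120
    10 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 (1532 matches)
    20 permit udp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    30 permit icmp any any (7 matches)
"""


def parse_hitcounts(text: str):
    """Return [{"rule": ..., "hits": N}] in the order the entries appear; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = PIX_ENTRY.match(line)
        if m:
            entries.append({"rule": m["rule"], "hits": int(m["hits"])})
            continue
        m = IOS_ENTRY.match(line)
        if m:
            entries.append({"rule": m["rule"], "hits": int(m["hits"] or 0)})  # absent => 0 on IOS
    return entries


def zero_hit_rules(entries):
    """Rules whose counter is still zero after traffic has been sent across the tunnel."""
    return [e["rule"] for e in entries if e["hits"] == 0]


if __name__ == "__main__":
    for label, sample in (("PIX", PIX_SAMPLE), ("IOS", IOS_SAMPLE)):
        entries = parse_hitcounts(sample)
        print(f"{label}: {len(entries)} entries parsed")
        for rule in zero_hit_rules(entries):
            print(f"  no hits: {rule}")
```

Read the zero-hit list with the first-match rule in mind: a "permit udp" entry that sits below a "permit ip" covering the same networks will always show zero because the ip entry takes the traffic first, so a zero there is expected. What matters is whether the counters on the entry that does take the SMB/NetBIOS traffic move on both devices when you retry the "net use", and whether they move at the same rate on the router as on the PIX; a counter that climbs on one side only points at where packets are being lost.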