
VPN client Microsoft network browsing

milan.kulik
Level 10

Hi, does anybody know how Microsoft network source browsing works on the Cisco VPN client?

I've just configured an IPSec remote access VPN to my PIX.

I'm running Cisco VPN Client 4.0.4 on my PC (Windows 2000).

I'm not using WINS in my network. No LMHOSTS file used.

The only info configured on the PIX to send to the client is DNS server address and the default domain name.

But the client is still able to connect to the Windows 2000 domain and I can see other PCs through Network Neighborhood and connect to them by simply clicking in the Network Neighborhood window!

I tried to capture some packets with the Observer protocol analyzer and I noticed there are some Ethernet frames sent from the PIX to the VPN client through the IPSec tunnel with the following characteristics:

MAC source address: 40:00:7F:06:6D:xx (the last byte changes)

MAC destination address: 45:00:00:4F:76:xx (the last byte changes)

Protocol: 0x0A02 (Xerox PUP CAL - detected by Observer).

It looks strange to me:

1) I always thought only IP packets could be sent via IPSec tunnel, not L2 frames?

2) Could anybody explain if these frames are involved in the Microsoft browsing process?

3) Generally, how does Microsoft browsing work on the Cisco VPN client without WINS or LMHOSTS in a routed environment?

Thanks,

Milan
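An added decoding check, not part of the original thread: the byte values the analyzer labelled as destination MAC, source MAC and EtherType, taken in wire order, match the layout of an IPv4 header (0x45 is version 4 with a 20-byte header, 0x40 0x00 is the Don't Fragment flag, 0x7F is a TTL of 127, 0x06 is TCP and 0x0A 0x02 starts a 10.2.x.x address), which is what a capture of the decapsulated tunnel payload with no Ethernet framing looks like. The varying last byte of each group is constructed here as 0x00.

```python
import struct

# The 14 bytes that the analyzer displayed as an Ethernet header, in wire order:
# destination "MAC" (6 bytes), source "MAC" (6 bytes), "EtherType" (2 bytes).
# The bytes shown as ":xx" in the thread are constructed placeholders (0x00).
OBSERVED = bytes.fromhex(
    "45 00 00 4F 76 00"   # shown as destination MAC 45:00:00:4F:76:xx
    "40 00 7F 06 6D 00"   # shown as source MAC 40:00:7F:06:6D:xx
    "0A 02"               # shown as EtherType 0x0A02
)

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP"}


def decode_as_ipv4_header(data: bytes) -> dict:
    """Interpret the first 14 bytes of a capture as the start of an IPv4 header.

    Only the fields covered by these 14 bytes are decoded: the source address
    occupies bytes 12-15, so just its first two octets are available here.
    """
    if len(data) < 14:
        raise ValueError("need at least 14 bytes")
    # version/IHL, ToS, total length, identification, flags+fragment offset,
    # TTL, protocol, header checksum: 12 bytes in network byte order.
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", data[:12]
    )
    version = ver_ihl >> 4
    ihl = ver_ihl & 0x0F
    return {
        # a plausible IPv4 header has version 4 and an IHL of 5..15 words
        "looks_like_ipv4": version == 4 and 5 <= ihl <= 15,
        "version": version,
        "header_len": ihl * 4,
        "total_len": total_len,
        "ident": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "src_prefix": f"{data[12]}.{data[13]}",
    }


if __name__ == "__main__":
    for key, value in decode_as_ipv4_header(OBSERVED).items():
        print(f"{key:>16}: {value}")
```

A TTL of 127 is one hop below the Windows default of 128, consistent with a packet from an internal Windows host that traversed one router before being captured.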

26 Replies

omsantos
Level 1

Hi,

If you are using "pure Windows 2000 domain controllers" (i.e. not hybrid/mixed mode), Windows will use DNS instead of WINS.

Regards,

Omar

Hi,

you are right, we are using "pure Windows 2000 domain controllers".

The strange thing is that when I was testing my remote VPN configuration "on the table" (i.e. connected to my PIX via an Ethernet interface of my PC), I was able to see other PCs in the Windows domain via Network Neighborhood and connect to them by simply clicking on a chosen PC seen on the list.

Now I'm testing the same connection via dial-up.

I'm able to search the Active Directory, find the PC name, put it in the Windows Explorer Address field and connect to the PC.

But I don't see the other PCs via Network Neighborhood.

I've found

"Windows 2000 (only) Requires Adding Client for MS Networks for Dialup connections. For the Cisco VPN Client running on a Windows 2000 system, you cannot access Microsoft resources unless you add the Client for Microsoft Networks for the Dial-up adapter."

in the Release Notes for VPN Client, Release 4.0 through Release 4.0.4.

Does it mean that when I add the Client for Microsoft Networks to the Dial-up adapter properties, I should be able to see the neighbours in the MS Windows domain?

(I tried with no success.)

Thanks,

Milan

Not applicable

Hi Milan,

Have you seen the following:

Troubleshooting Microsoft Network Neighborhood After Establishing a VPN Tunnel With the Cisco VPN Client

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a0080194b4a.shtml

Yes, I've read this article.

I'm able to map drives by IP address. I see the MS neighbours in MS Active Directory running Windows 2000 on my remote PC.

But I don't see anything in Network Neighborhood. Browstat output says browsing is not active on domain.

I can understand that I'd have to use WINS to see MS neighbours.

BUT what I don't understand is the following:

When I was testing the same connection in my lab, I connected through the Ethernet NIC from my PC to the PIX outside interface (to simulate "Internet" environment "on the table"). And I was able to see the neighbours in Network Neighborhood.

Now I'm connecting via Dial-up connection. And I don't see the neighbours in Network Neighborhood.

So what is the difference while connecting via Ethernet NIC or Dial-up?

Regards,

Milan

Milan,

Was the test done with the same machine?

I had a similar problem, but the machine in the "lab" was part of the Windows domain, whereas the other was not.

With the first machine I was able to browse, but not with the second.

Yes,

it was done with the same notebook.

But I've got a new idea now: it seems like the "neighborhood" I was able to see was just some cached buffer of neighbours. The notebook was connected to the Windows network before moving to the lab, so it's possible (only Bill Gates knows) that there was some neighbours cache which remained for some time even after a PC reload.

The dial-up connection was made several days later, so the cache might have timed out by that time.

I'll test this idea and let you know.

Regards,

Milan

Milan,

On the dial-up connection, do you have "Client for Microsoft Networks" and "File and Print Sharing" checked?

Yes, I do.

Regards,

Milan

I read through some Microsoft pages and here is my conclusion:

I had the same problem - a machine just outside of the PIX, part of the internal W2K domain, connects fine and it browses the internal resources (servers, printers). A machine at home, not part of the W2K domain, connects fine, pings internal resources by name and IP fine, maps drives by name and share name (even though you have to provide credentials for mappings). Both machines use the Cisco VPN client and users are authenticated through IAS RADIUS against their domain accounts (dial-in access allowed).

So the issue seems to be being or not being part of the W2K domain. When you log on with your domain credentials but the machine is not part of the domain and you try to browse the network, the machine has no knowledge of the domain you want to browse even though you provided WINS servers. It simply tries to see if there are other resources in the workgroup it currently is part of.

So you think there is a different situation when you use login credentials or you log in to the Windows domain completely (including the logon script)?

I've not noticed any difference.

You can even enable the Start Before Logon option in your VPN client configuration, which enables you to connect via your VPN client to the PIX first and then log in to the Windows domain. But still MS browsing doesn't work without a WINS server.

What was the exact situation when "Machine just outside of the PIX, part of the internal W2K domain connects fine and it browses the internal resources (servers, printers)."?

Was a WINS server running at that time?

Regards,

Milan

Yes, a WINS server was running and its IP was downloaded to the VPN client as part of the VPN connectivity.

I probably wasn't very clear in my previous post.

What I was trying to say was that it matters if the machine you are running the VPN client from is part of a domain (meaning there is a computer account for that machine in the domain).

So when this machine gets connected to the internal network it knows to ask the WINS server about resources in a particular domain (the one it is part of). If it wasn't part of the internal domain it would ask the WINS server about resources in the WORKGROUP the computer is configured to use at the moment; the WINS server of course wouldn't know about that WORKGROUP.

Regards,

-GH

Well, I've tried to repeat the situation in which I had been able to see other PCs in the "network neighborhood".

But I was not able!!!

So it really seems like some Windows bug not cleaning some NetBIOS buffer or something like that.

Everything works now "as it should", i.e. I'm not able to see "neighbours" without a WINS server running.

Thanks for your replies, guys.

Regards,

Milan

I am having similar issues. I have a Windows 2003 domain (domain functional level: Windows 2000 Native). I am also running WINS. If I am on the local network I can browse Network Neighborhood fine (even if on a separate broadcast domain). However, when I VPN into my network (PIX terminating the VPN tunnel) I am no longer able to browse Network Neighborhood. When I VPN in I am able to ping by IP, NetBIOS name and FQDN. The PC I am using to do all this is a Windows XP Pro laptop in a workgroup.

Any ideas?

Thanks

Frank