05-28-2002 01:58 AM - edited 02-21-2020 11:46 AM
Problem:
When I try to logon to our W2K domain with the cisco 3000 VPN client 3.5.1(C) using the "enable start before logon" option, I'm only able to logon with cached information. I can ping all my servers in the network ( IP addresses or names ), I can telnet to devices, but I can't open my mail or connect to shares.
I already tried this with a WXP and a W2K PC because of the difference in the use of the PPPOE protocol ( embedded in XP ).
If I try this with a ISDN or modem DAIL-UP connection I CAN logon to the domain and then I CAN connect to shares, open my mail, and so on.
SETUP:
a concentrator 3015 setup with an internal database with 1 user ( for testing ) and a route to ur internal network ( 10.x.y.z ).
All traffic is tunnel over port 80
Has anyone had the same problem, I have currently logged this problem with 3 different providers, but none has a workable solution yet.
05-29-2002 11:48 PM
I got it working for WXP clients using the following article.
The MTU was changed, but not only the LAN MTU had to be changed, also the DIAL-IP MTU had to be changed in order to make it work ( overhead ).
06-10-2002 08:27 AM
We resolved the problem by forcing Kerboros to always use TCP instead of UDP on the client machines. To do this apply the following registry fix:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
"MaxPacketSize"=dword:00000001
06-10-2002 10:18 PM
is the mtu set beetween 1200 and 1400 ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide