From: Scott Morris (smorris@xxxxxxxxxxxxxx)
Date: Thu Dec 07 2000 - 12:34:53 GMT-3
Your problem is likely the propagation of broadcasts... Or lack thereof.

One thing you can do (I'm assuming you have a router before (LAN-side) the
PIX) is set up an ip-helper address to forward UDP-level broadcasts (like
138/139 NetBIOS) to the NT server.

The other thing you can do is bypass that broadcast thought process by using
LMHosts files on the workstations at the branch office. That will pre-load
(if you use the #PRE designation) the NetBIOS cache and give you IP
addresses to go to. So if you have IP reachability, things will work just
fine then.

In LMHOSTS:

(ip address) (Netbios name) #PRE #DOM:(domain name if domain controller)

Also, to refresh without rebooting the PCs, "nbtstat -R"

Hope this helps!

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Jim Bond
Sent: Thursday, December 07, 2000 1:19 AM
To: cisco@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: tough VPN question
Hello,

I'm trying to set up an IPSec between a PIX (branch
office) and router (central office). All PCs at branch
office share 1 ip address. IPSec seems to be working
fine because clients can ping/telnet/email/map drives
from/to central office. The problem is they can't
log on to the NT domain. They can ping the domain controller
though.

Any idea why they can't log on to the NT domain? (The
machines were already added to the domain)

Thanks in advance.

Jim
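
The LMHOSTS line layout given in the reply above, checked by a small linter. This is an added example, not part of the original thread: the addresses, host names and CORP domain are constructed placeholders, and the rule that a #DOM entry also needs #PRE to be preloaded is taken from Microsoft's sample LMHOSTS file rather than from the thread.

```python
import ipaddress

# Constructed sample: the addresses, host names and CORP domain are placeholders.
SAMPLE_LMHOSTS = """\
# branch-office LMHOSTS (constructed example)
10.1.1.10   CORPDC01              #PRE #DOM:CORP
10.1.1.11   CORPDC02              #DOM:CORP
10.1.1.20   FILESERVER01          #PRE
10.1.1.300  BADADDR               #PRE
10.1.1.30   THISNAMEISWAYTOOLONG  #PRE
"""

def parse_lmhosts(text):
    """Parse '<ip> <name> [#PRE] [#DOM:<domain>]' lines; return (entries, problems)."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or a directive this sketch ignores
        fields = line.split()
        if len(fields) < 2:
            problems.append((lineno, "expected '<ip> <name> [tags]'"))
            continue
        ip, name, tags = fields[0], fields[1], fields[2:]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((lineno, f"invalid IPv4 address: {ip}"))
            continue
        if len(name) > 15:  # NetBIOS names carry at most 15 characters
            problems.append((lineno, f"NetBIOS name longer than 15 chars: {name}"))
            continue
        preload = "#PRE" in tags
        domain = next((t[5:] for t in tags if t.startswith("#DOM:")), None)
        if domain is not None and not preload:
            problems.append((lineno, f"{name}: #DOM without #PRE, not preloaded"))
        entries.append({"ip": ip, "name": name, "preload": preload, "domain": domain})
    return entries, problems

if __name__ == "__main__":
    entries, problems = parse_lmhosts(SAMPLE_LMHOSTS)
    for e in entries:
        print(e)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```

Entries that pass can be reloaded into the name cache with the "nbtstat -R" command mentioned in the reply.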
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:59 GMT-3