Still doesn't work: tough VPN question

From: Jim Bond (trycisco@xxxxxxxxx)
Date: Fri Dec 08 2000 - 02:30:18 GMT-3

• Next message: Fred Ingham: "Re: summary-address vs. static route to null 0"
• Previous message: Dezhong Cai: "Re: Wording"
• Next in thread: Justin Menga: "RE: Still doesn't work: tough VPN question"
• Maybe reply: Justin Menga: "RE: Still doesn't work: tough VPN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hello,

Thank you guys for the help. Unfortunately, I tried to
put LMHOST file, still doesn't work. We use WINS and I
can ping domain controller using name so I don't think
it's naming issue.

I used a sniffer captured some data, client is sending
logon request to domain controller but didn't get any
response. Looks like PIX blocks it. How do I open
it(port 137, 138, 139)?

Thanks in advance.

Jim

--- Scott Morris <smorris@mentortech.com> wrote:
> Your problem is likely the propgation of
> broadcasts... Or lack thereof.
> One thing you can do (I'm assuming you have a router
> before (LAN-side) the
> PIX) is set up an ip-helper address to forward
> UDP-level broadcasts (like
> 138/139 Netbios) to the NT server.
>
> The other thing you can do is bypass that broadcast
> thought process by using
> LMHosts files on the workstations at the branch
> office. That will pre-load
> (if you use the #PRE designation) the NetBIOS cache
> and give you IP
> addresses to go to. So if you have IP reachability,
> things will work just
> fine then.
>
> In LMHOSTS. :
>
> (ip address) (Netbios name) #PRE #DOM:(domain name
> if domain controller)
>
> Also, to refresh without rebooting the PCs, "nbtstat
> -R"
>
> Hope this helps!
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> Jim Bond
> Sent: Thursday, December 07, 2000 1:19 AM
> To: cisco@groupstudy.com
> Cc: ccielab@groupstudy.com
> Subject: tough VPN question
>
>
> Hello,
>
> I'm trying to set up a IPSec between a PIX (branch
> office) and router (central office). All PCs at
> branch
> office share 1 ip address. IPSec seems to be working
> fine because clients can ping/telnet/email/map
> drives
> from/to central office. The problem is they can't
> logon NT domain. They can ping domain controller
> though.
>
> Any idea why they can't log on NT domain? (The
> machines were already added to domain)
>
> Thanks in advance.
>
>
> Jim
>

• Next message: Fred Ingham: "Re: summary-address vs. static route to null 0"
• Previous message: Dezhong Cai: "Re: Wording"
• Next in thread: Justin Menga: "RE: Still doesn't work: tough VPN question"
• Maybe reply: Justin Menga: "RE: Still doesn't work: tough VPN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:26:00 GMT-3