From: robbie (robbie@packetized.org)
Date: Wed Jul 20 2005 - 23:04:19 GMT-3

LMHOSTS on remote laptops or machines of any sort is a less than elegant
solution to this problem. Administratively, this is a complete nightmare
(speaking from recent, direct experience). Additionally, the LM in
LMHOSTS is short for 'LAN Manager', the old networking
protocol/application used for O.G. Microsoft file sharing. The file that
he would want to edit would not be LMHOSTS, but rather his regular
'hosts' file, which can be found in the same directory, I would imagine.
LMHOSTS lookup doesn't have any support for FQDNs like a regular 'hosts'
file (<gethostbyname> resolver lookup), IIRC.

John: Are your VPN clients using a PPTP tunnel to the PIX in question?
Are they configured to use default gateway on remote network? Are they
assigned addresses that could conceivably be forwarded through the IPSEC
connection?

Group: Can the PIX accept traffic in via a PPTP link and then forward it
across an IPSEC tunnel? I seem to remember being able to do that,
despite not finding any concrete evidence through Google.

Cheers,
Robbie

cacca mucca wrote:
> Would you use LMHOSTS on the PC(s) until a final resolution is found?
>
>> From: john matijevic <john.matijevic@gmail.com>
>> Reply-To: john matijevic <john.matijevic@gmail.com>
>> To: cacca mucca <caccamucca@hotmail.com>
>> CC: ccielab@groupstudy.com
>> Subject: Re: cisco vpn connection
>> Date: Wed, 20 Jul 2005 17:48:06 -0400
>>
>> Cacca,
>> This is not a poor network design, I am using a PIX firewall for testing
>> right now. Also I would like to add that I would not advise anyone to
>> upgrade from 6.34 to 7.0 in production, I have done with testing and have
>> run into a lot of issues, even though Cisco TAC has stated that there would
>> be no issue with the latest interim release.
>> Sincerely,
>> John
>>
>> On 7/20/05, cacca mucca <caccamucca@hotmail.com> wrote:
>> >
>> > Make that an LMHOSTS file. LOL
>> >
>> > >From: "cacca mucca" <caccamucca@hotmail.com>
>> > >Reply-To: "cacca mucca" <caccamucca@hotmail.com>
>> > >To: john.matijevic@gmail.com, ccielab@groupstudy.com
>> > >Subject: RE: cisco vpn connection
>> > >Date: Wed, 20 Jul 2005 17:14:37 -0400
>> > >
>> > >Sounds like a poor network design. Looks like they can use an external DNS,
>> > >punch a hole in the firewall for the DNS queries, or edit the LMHOST file
>> > >on the PC. What???? You can do that???? Network 101.
>> > >
>> > >
>> > >
>> > >>From: john matijevic <john.matijevic@gmail.com>
>> > >>Reply-To: john matijevic <john.matijevic@gmail.com>
>> > >>To: Group Study <ccielab@groupstudy.com>
>> > >>Subject: cisco vpn connection
>> > >>Date: Wed, 20 Jul 2005 12:02:41 -0400
>> > >>
>> > >>Hello Team,
>> > >>I am having the following issue:
>> > >>I have a cisco vpn client that is having problems getting to the DNS server
>> > >>on a remote PIX network. The problem is the DNS server is on another pix
>> > >>that the client is not connecting to. So what happens is that the client
>> > >>connects to a pix515, then there is a connection to another pix 515 that is
>> > >>on the same network as the dns server. If I connect the client to the pix
>> > >>that the dns server is connected to it works fine. There is a vpn connection
>> > >>between the 2 pixes. Please contact me offline to discuss.
>> > >> Sincerely,
>> > >>
>> > >>--
>> > >>John Matijevic, CCIE #13254
>> > >>U.S. Installation Group
>> > >>Senior Network Engineer
>> > >>954-969-7160 ext. 1147 (office)
>> > >>305-321-6232 (cell)
>> > >>
>> >
>> >>_______________________________________________________________________
>> > >>Subscription information may be found at:
>> > >>http://www.groupstudy.com/list/CCIELab.html
>> > >
>> >
>>
>>
>>
>> --
>> John Matijevic, CCIE #13254
>> U.S. Installation Group
>> Senior Network Engineer
>> 954-969-7160 ext. 1147 (office)
>> 305-321-6232 (cell)
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3