Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
2
Replies

How do I allow Windows 2k machines to browse thru an IPSEC VPN on PIX 501s?

colsen
Level 1
Level 1

‎07-09-2003 05:44 AM - edited ‎02-21-2020 12:39 PM

I have an IPSEC VPN established between 2 501 PIX's currently connected with a cross over cable (testing before we go live). I can ping thru, pc to pc fine. I can browse with an IP address and a share name on the remote pc fine.

But, I cannot (Microsoft Netbios) browse thru the vpn with Windows 2000. How can this be done? The Conduit is wide open, but it still doesn't browse thru. I also will be installing active directory on a Win2k domain controller on one side of the VPN to a domain controller on the other side. This needs name lookup as well.

Clues? Ideas? How can I browse thru the VPN?

Current config (purposely "over" opened conduits) just to try to get it to work:

access-list 101 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 216.166.249.100 255.255.255.240

ip address inside 10.0.0.200 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

nat (inside) 0 access-list 101

conduit permit icmp any any

conduit permit ip any any

route outside 0.0.0.0 0.0.0.0 216.166.249.101 1

Labels:
0 Helpful
2 Replies 2

mike-greene
Level 4
Level 4

‎07-09-2003 06:55 AM

Hi,

You are going to need some kind of name resolution going on (WINS, DNS). When you install the first DC on one side this will bring DNS into the picture. When you build your second DC on the other side your going to have to point that server to the DNS of the first server. After all is done, your probably going to have DNS running on both servers and replicating that between the two or make the zones AD intergrated.

Hope that helps...

PS: In the mean time you can probably edit the host file on each machine and get the same result.

0 Helpful

mostiguy
Level 6
Level 6

‎07-09-2003 07:36 AM

network neighborhood requires WINS in a routed environment. Many things in win2k use DNS, but network neighborhood is still pretty much a nt 4 era hack

0 Helpful
Customers Also Viewed These Support Documents