
Microsoft Domain Controllers and VPN

t.whiten
Level 1

Is there a good document that explains the best way to set up a site-to-site VPN and utilize the features of a Windows domain controller? My VPN tunnels work fine but I am unable to log on to the DC. My networks are on two different subnets. I have read that installing and configuring WINS may be the best way to go. Is this the case or is there a better method?

2 Replies

ehirsel
Level 6

You certainly should use WINS or, in an environment that consists of Win2000, Win XP, or higher MS OS levels, DNS, as WINS may not be necessary in that environment. What WINS and DNS do is remove the broadcast name query method from being used, as most firewalls and gateways will block and not forward those broadcast packets.

What type of VPN endpoints are you using? PIX, IOS, other?

Another item that you may run into is path MTU discovery. IPSec VPNs encrypt and then fragment, and newer devices can do adjustments of the TCP MSS size, or override the DF bit.

If you still have questions, please post the VPN device configs here, scrubbing any sensitive info, and I can try to help.

Thanks for the reply. I am using PIX 501s running 6.3. I will do a little more homework based on the reply you left. I will certainly post more if I cannot resolve the issue.
