Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Remote Access

Apologies in advance for the rather long winded nature of this message. Hopefully you'll understand what I'm talking about.

We have a Cisco RSA Ace/server remote access system. On the outside of our network is a 2600 router which is connected to our firewall (Checkpoint firewall-1 v4.1 SP5 running on NT4 SP6a) via it's DMZ interface card.

We have found that in order to get a user logged onto our domain over the RAS, their computer must have previously logged onto to domain whilst connected directly to the LAN (ie the user's profile must be on the computer already).

If I dial in using a computer without my profile on there, it will let me create a computer account on the domain, but when attempting to log in it says the domain is unavailable. Authentication on the RAS router is not a problem.

We have other WAN links which allow users at other sites to log in without their profiles being already set up, so the firewall services etc are already in place, and as far as I can see, the RAS should behave the same as those WAN links as it has been put in the same groups etc on the firewall.

Can anyone suggest any reason why it won't let us do this?

Regards,

Phil.

2 REPLIES
New Member

Re: Remote Access

Hi Phil,

Not very clear what is wrong. May be this page might be of some help.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dee3.html

New Member

Re: Remote Access

Found the answer to this one. It is simply a matter of waiting one minute after receiving the "cannot logon because the domain is unavailable" message, then attempting the domain logon again, and then it works. I found this hint on a page talking about VPNs.

Thanks for your response.

Phil.

81
Views
0
Helpful
2
Replies
CreatePlease to create content