Apologies in advance for the rather long winded nature of this message. Hopefully you'll understand what I'm talking about.
We have a Cisco RSA Ace/server remote access system. On the outside of our network is a 2600 router which is connected to our firewall (Checkpoint firewall-1 v4.1 SP5 running on NT4 SP6a) via it's DMZ interface card.
We have found that in order to get a user logged onto our domain over the RAS, their computer must have previously logged onto to domain whilst connected directly to the LAN (ie the user's profile must be on the computer already).
If I dial in using a computer without my profile on there, it will let me create a computer account on the domain, but when attempting to log in it says the domain is unavailable. Authentication on the RAS router is not a problem.
We have other WAN links which allow users at other sites to log in without their profiles being already set up, so the firewall services etc are already in place, and as far as I can see, the RAS should behave the same as those WAN links as it has been put in the same groups etc on the firewall.
Can anyone suggest any reason why it won't let us do this?
Found the answer to this one. It is simply a matter of waiting one minute after receiving the "cannot logon because the domain is unavailable" message, then attempting the domain logon again, and then it works. I found this hint on a page talking about VPNs.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...