I'm looking for a router that will permit connections over ADSL to our WAN and permit Windows logon for each of the PCs at our branch offices.
Our telco has set us up with IP Stream (remote sites see me as a service provider) with designated Broadband connections routed directly to our WAN from the telco ADSL cloud (i.e. NOT via the internet).
Tried other manuf. SOHO routers and can get PCs to manually map drives, ping IP addresses and resolve host names in local LMHOSTS, as well as access the intranet. However we can't get the PCs to run the NT domain login script. Tried unblocking firewall ports, and even tried a router with firewall apparently switched off by default, but config options are limited on these products.
Is there a Cisco product that will allow detailed config of routing and firewall options? I need up to 1000 of these so cost is a major factor.
Any idea what is getting screwed up by the products we are already using?
Telco claims that they are not blocking traffic (e.g. UDP/IP ports) in any direction.
I don't know the numbers of users involved but perhaps you could get a Cisco router that accepts the ADSL WIC card (2600/3600 for sure but I am sure there are others) and create a VPN tunnel back to the main office. If configured correctly this should get you what you need. I personally have not done it this way but I think it can work. If you want a definite then get a 3002 VPN Hardware client behind that router and if you can establish a tunnel using Network Extension Mode then you are golden. All PCs behind the 3002 will actually be logging on to the Windows domain at the central site, and all of your scripts will work.
I just read the part about needing 1000 of these units. If the telco gives you some sort of device that you can terminate your ADSL connection on an ethernet port then bring the ADSL into the remote site with ethernet, hook up a 3002 hardware VPN client and get a 5000 series concentrator at the central site. That would be the cheapest way I think. You could do this with a firewall as well but I like the concentrator for this type of application. If budget permits you could put a small PIX in front of the VPN client at each location as well for added security.
Sounds more like the problem is with name resolution than blocked ports etc - you mention you can ping IPs or use LMHOSTS to resolve names, however are you adding PDC records to LMHOSTS? If not you may have logon issues like this...
Try setting up WINS at your primary site and making sure the remote hosts are set up to use it for name resolution (that's if you're using NT4 - Win2K just use DNS). Once this is up and working you don't need to edit LMHOSTS and it should prevent any problems like those you mentioned.
You also want to use a VPN between your sites, computers on an NT domain will be unhappy if they have limited access to each other (i.e. file shares won't work properly, hence no access to SYSVOL where logon scripts are held).
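
What the "PDC records in LMHOSTS" mentioned in the reply above look like in practice, as an added example that is not part of the original thread: a Python check that an LMHOSTS file carries a preloaded `#DOM` entry and a correctly padded `0x1B` entry for the logon domain. The domain BRANCHDOM, the host names and the addresses are constructed placeholders, and `check_lmhosts` is a hypothetical helper written for this illustration.

```python
import re

# Constructed sample: BRANCHDOM, PDC01, FILESRV01 and the addresses are placeholders.
DOMAIN, PDC, PDC_IP = "BRANCHDOM", "PDC01", "10.1.1.10"
SAMPLE = "\n".join([
    "# branch office LMHOSTS (constructed)",
    f"{PDC_IP}  {PDC}  #PRE #DOM:{DOMAIN}",       # domain controller for logon
    f'{PDC_IP}  "{DOMAIN:<15}\\0x1b"  #PRE',      # PDC name, padded to 15 + \0x1b
    "10.1.1.20  FILESRV01  #PRE",
    f'10.1.1.30  "{DOMAIN}\\0x1b"  #PRE',         # malformed: name not padded
])

# <ip> <name or "quoted name"> <trailing keywords/comment>
ENTRY = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(?:"([^"]*)"|(\S+))(.*)$')

def check_lmhosts(text, domain):
    """Return (domain_controllers, problems) for one NT domain."""
    domain = domain.upper()
    dcs, problems, has_1b = [], [], False
    for n, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue  # comment, blank line or directive such as #INCLUDE
        ip, quoted, bare, rest = m.groups()
        # Keywords are matched in upper case, as in Microsoft's sample file.
        dom = re.search(r"#DOM:(\S+)", rest)
        if dom and dom.group(1).upper() == domain:
            if re.search(r"#PRE\b", rest):
                dcs.append((ip, bare or quoted))
            else:
                problems.append(f"line {n}: #DOM entry is not preloaded (#PRE missing)")
        if quoted is not None and re.search(r"\\0x1[bB]$", quoted):
            # The text between the quotes must be exactly 20 characters.
            if len(quoted) != 20:
                problems.append(f"line {n}: quoted name is {len(quoted)} chars, expected 20")
            elif quoted[:15].rstrip() == domain:
                has_1b = True
    if not dcs:
        problems.append(f"no preloaded #DOM:{domain} entry")
    if not has_1b:
        problems.append(f"no valid 0x1B entry for {domain}")
    return dcs, problems

if __name__ == "__main__":
    dcs, problems = check_lmhosts(SAMPLE, DOMAIN)
    print("domain controllers:", dcs)
    for p in problems:
        print("problem:", p)
```
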