Cisco Support Community
Community Member

PIX 515 and 826 VPN, Clients on 826 end can not logon to domain W2K

On the office side we are using a PIX 515 with 3Des encyrption and OS 6.2.

In the branch we use a 826 router with IP FW Plus and 3Des encryption.

The tunnel gets established.

Name resolution is working fine.

I can ping any resource on the other site.

Terminal server is working fine to.

Neither PIX nor Router are denying any traffic trough the tunnel

I do get problems while connection to shares or logon to the domain during boot up.

I allways receive that a domain controller could not be found.

Also modifying the lmhosts containing the domain controller and domain name does not solve the problem.

Any Idea?

Community Member

Re: PIX 515 and 826 VPN, Clients on 826 end can not logon to dom

So you have a L2L tunnel from the 826 to the pix 515? The tunnel establish's and you can ping back and forth. Not sure whether you have this in a lab or its live but I'm guessing that you did a "show crypto ipsec sa" on the pix to verify that your are indeed encrypting and decrypting traffic? Usually in a L2L situation and you can ping, its not a ipsec tunnel issue. But more of a client server problem. You have DC on both sides of the tunnel? Your clients can log on to there pc's without the tunnel being up? Both sides are in the same domain? What OS are your workstations? Have they already joined the domain previously. Are you using DHCP or statics?

Kurtis Durrett

Community Member

Re: PIX 515 and 826 VPN, Clients on 826 end can not logon to dom

The tunnel is established and the data gets encrypted. On the 826 site is just a small network with two PC's. And sometimes with notebooks from the office. There is no local domain controller available on the SOHO.

The clients can logon locally but it takes up and tremendous time. And it seams that only clients belonging to the domain do have this particular problem. No domain members can connect to shares but workgroup members can. It sea no reason because any ip traffic is permitted to travel the tunnel.

CreatePlease to create content