PIX VPN Internet Access, NT Browsing and Login Issues
I've configured a PIX/VPN in my lab. The PIX is running version 6.1; the VPN client is 3.5 running on W2K. I am not using RADIUS/TACACS authentication. The following works fine:
- IP protocols
- Ping servers by netbios name
- DNS resolution
What doesn't work is:
- Cannot see my lab domain in Network Neighborhood
- Can't get to the Internet without doing split tunneling
- Can't get a network login
Could someone tell me what I need to do to get the rest of these things working? I could probably get by with split tunneling for Internet access (although the client might not allow that), but I have to have the Network login and the Neighborhood working. Thanks in advance...
Re: PIX VPN Internet Access, NT Browsing and Login Issues
I found the answers to my questions. For anyone else that's interested, see below:
Q. Cannot see my lab domain in Network Neighborhood
A. It looks like you must log in to the domain to see the Network Neighborhood.
Q. Can't get to the Internet without doing split tunneling.
A. The PIX doesn't allow traffic to "hairpin" or go back out the same port it came in on.
Q. Can't get a network login
A. At least for W2K using the VPN client 3.5, you must initiate the VPN prior to logging in. Note: I had to manually add the computer to the domain as it didn't work on the fly. I would guess this shouldn't be an issue with W95/98 but probably will be with NT and XP.