Cisco Support Community
New Member

PIX2PIX IPSec NT Domain Login Failure

I have successfully established an IPSec site to site tunnel with the 2 endpoints being a PIX 515 with 6.21ED code and a PIX 506E with 6.12 code.

The problem is that when I reboot the Windows client, the NT domain login fails. If I cancel out of the login dialog box and go to a command prompt and ping a host on the remote LAN, the tunnel comes up. Immediately after this, I can do a SHUT DOWN>>LOG OFF>> and do a successful NT domain login.

I can see network traffic on the inside interface of the PIX when I reboot my PC and assume this is the client performing its login process. But it appears that this is not deemed as interesting and therefore doesn't bring up the tunnel.

With the VPN client application, there is a setting that allows you to initiate the remote access tunnel prior to the login process... I need the equivalent type of solution for this site to site tunnel.

This remote site client needs to have domain authentication to access resources located at the HQ. The client IP addresses and other relevant info such as WINS and DNS are statically assigned. So no LMHOSTS involved at the moment.

I don't know what kind of process is involved when the client boots and initiates the domain login process. But it seems that the domain login process is not "interesting" and therefore not initiating the tunnel setup.

My access-list to determine interesting traffic simply identifies the source address as being from the remote site and the destination address as being that of the HQ location.

2 REPLIES
Bronze

Re: PIX2PIX IPSec NT Domain Login Failure

If I understand you correctly, you should not need to use the Cisco VPN client in a LANtoLAN (PIX to PIX) solution. If your IPSec tunnel is established, the access lists in your config will specify what traffic is to be encrypted and send it across.

New Member

Re: PIX2PIX IPSec NT Domain Login Failure

I see your problem. I myself have seen a delay of 5 to 10 seconds in the tunnel creation even with interesting traffic. This could be a timing issue. Several logon attempts fail? None of that traffic seems interesting?

Issue SHOW CRYPTO IPSEC SA

Look to see if the tunnel is up in one direction at least.

There is also something called KEEPALIVES which might help you.
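How a crypto access list of the kind described in the original post selects "interesting" traffic, as an added example that is not part of any post in this thread and is not PIX code. The subnets, host addresses and boot-time packets are constructed assumptions, and `is_interesting`, `mirror` and `classify` are hypothetical helper names.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption, not taken from the thread).
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")  # remote site LAN
HQ_LAN = ipaddress.ip_network("192.168.1.0/24")      # HQ LAN


@dataclass(frozen=True)
class AclEntry:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


# Models the ACL the poster describes: source = remote site, destination = HQ.
REMOTE_CRYPTO_ACL = [AclEntry("permit", REMOTE_LAN, HQ_LAN)]


def is_interesting(acl, src, dst):
    """First matching entry decides; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in acl:
        if s in entry.src and d in entry.dst:
            return entry.action == "permit"
    return False


def mirror(acl):
    """The peer needs the same entries with source and destination swapped."""
    return [AclEntry(e.action, e.dst, e.src) for e in acl]


# Constructed packets a client at the remote site might send while booting.
BOOT_PACKETS = [
    ("unicast name query to HQ server", "192.168.2.10", "192.168.1.5"),
    ("unicast logon request to HQ DC", "192.168.2.10", "192.168.1.6"),
    ("subnet broadcast on remote LAN", "192.168.2.10", "192.168.2.255"),
    ("limited broadcast", "192.168.2.10", "255.255.255.255"),
]


def classify(acl, packets):
    """Map each labelled packet to True if the ACL would select it."""
    return {label: is_interesting(acl, s, d) for label, s, d in packets}


if __name__ == "__main__":
    for label, hit in classify(REMOTE_CRYPTO_ACL, BOOT_PACKETS).items():
        print(f"{label:35} {'interesting' if hit else 'not selected'}")
```

Only packets whose destination falls inside the HQ network are selected by such an ACL; a packet that is selected while no SA exists yet still has to wait for the negotiation to finish.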
