Router to Router IPSec - Microsoft Domain Login Takes Forever
I have recently implemented a router to router IPSec tunnel between my main facility (C2691VPN) and a remote office (C1761VPN-K9). The transport is an Internet T1 at the remote and multiple T1s at the main office.
Machines in the remote offices that are in the same domain as the remote office take forever to boot up and log in.
Here are some results of lab testing when booting a remote Win2000 client that is a member of the domain/active directory in the main office:
* Startup Windows - A couple seconds
* Preparing Network Connection - 1.5 minutes
* Applying Computer Settings - 1 HOUR
* Login Screen - here I entered my domain credentials
* Loading Your Personal Settings - 22 minutes
* Blue background with wallpaper - Turned off computer after 30 minutes.
These results were in a lab environment using a crossover cable for the T1 interface. I get the same results with identical equipment in the remote office.
I ran another test yesterday where the Loading Your Personal Settings took over 1.5 HOURS. This entire process should only take 60 to 75 seconds.
I have a 256k frame relay connection going to the same office. I can move the above computer over to the frame relay network and the login process takes about 60 seconds.
Anyone seen this before? I can provide configurations if necessary.
Re: Router to Router IPSec - Microsoft Domain Login Takes Foreve
Nope. The only thing on the remote network using the IPSec T1 connection is the PC I am working with and nothing else.
TCP/IP traffic flows over the network fine. As a matter of fact, I'm in TN and the PC is in Canada and I am able to use remote control software from my desk to take over the PC during these long boot and login processes. The tunnel is up and running. Other traffic such as HTTP to our Intranet server is fine as is telnet traffic to our AS/400's back to the main site.
The 256k Frame Relay network works fine. That is what they are using today in production and have been using for several years. I am trying to replace the Frame Relay network with the IPSec T1 connection.
On their production network using the frame relay network, they have a WinNT server that is a PDC. It does not have any shares or relationships with the Active Directory back at the main site. It is standalone and they do not know about each other. Please note, the PC that I am using in my tests is NOT a member of the domain in the remote office. It is a member of the Active Directory back at the main office in TN.