Troubles with client browsing the Internal Network

kylesmith
Level 1

I have a PIX 515 set up as a VPN server and am using W2K as the VPN client. The problem I'm having is that the client can't browse to shared folders in the network. From the client I can authenticate using L2TP/IPSEC, and if I try to browse the network using UNC or Network Places I get an error stating that there are no logon servers available. The strange part is that from the network I can browse the client using UNC and Network Places. I need some help. Thanks.

3 Replies

paqiu
Level 1

What VPN client are you using? At this moment, we only have L2TP with IPSEC and Certificate when you are using L2TP with IPSEC from W2K to PIX.

Here is the sample config:

http://www.cisco.com/warp/customer/110/l2tp-ipsec.html

To NT browse your network, you need the following stuff:

1. Name resolution is working; have you pushed WINS to the client?

2. You need to log in to the domain.

Windows 95 and 98 get a prompt window for logging in to the domain after the VPN tunnel is built up.

For Windows 2000, they are using cached credentials to log in to the domain.

Here is the troubleshooting guide:

"1. Make sure that the WINS IP address is getting assigned to the client.

2. Make sure that the client is able to ping the WINS server by its IP address.

3. Make sure that the client is able to ping the internal hosts by IP address.

4. Make sure that the client is able to ping the internal hosts by NetBIOS name.

5. Make sure that the client is able to find the computer using "Start -> Find -> Computer"

Or “net use i: \\ \ \\”

6. Make sure you can map a drive.

7. Make sure that the customer has logged in to the domain."

I can ping the host by IP and NetBIOS name, but I'm unable to map a drive or find the host using "Start -> Find -> Computer" or “net use i: \\ \ \\”. I can authenticate, though.

The strange thing is that hosts within my internal network can connect to the remote client using "Start -> Find -> Computer" or “net use i: \\ \ \\”.

I believe you might have run into a Microsoft bug.

The reason why you can map a drive from your internal network is that all the PCs authenticated to your domain controller when they started up.

So all the PCs got the token and authorization stuff from the domain controller.

The VPN client PC has no chance to log in to the domain during PC start-up.

So it uses "Cached Credentials", but sometimes that does not work correctly, according to Microsoft documentation.

Authentication May Still Be Required When You Use Cached Credentials

http://support.microsoft.com/support/kb/articles/Q297/2/78.ASP

For this reason, for the VPN 3000 concentrator, we provide the "start before logon" feature. When your VPN client PC boots up, it will launch the modem dial-up, then launch the VPN client and get the VPN connection. Then it prompts you to log on at the Windows screen. This way, you can authenticate to the domain controller and get the token and authorization stuff.

"Start before logon" has not been implemented in the PIX. Would you please check with Microsoft about "cached credentials" and make sure that is working fine?