01-11-2002 04:44 PM - edited 02-21-2020 09:58 AM
we have w2k/nt network and using pix520 as vpn gateway. users have no problem connecting to pix and pinging hosts by name. but cannot authenticate on member servers except domain controller. any ideas?
01-17-2002 05:40 AM
For the user name try typing DOMAINNAME\USERNAME
01-22-2002 11:22 AM
We have tried that and it doesn't work. VPN users never receive prompt for network authentication, I think this is the primary reason why the users cannot get access to the network resources.
04-30-2002 04:25 AM
You may want to check the WINS the client are using. Also make sure that Client for Microsoft Networks are enabled on the NIC/PPP adapter which ever you are using for the connection.
07-09-2002 07:13 PM
Hi rlew;
I am not sure if you have IAS on w2k running as your AAA server, but I am going to assume that you do.
there are 2 authentications that take place in establishing a VPN between the client and the PIX, the first phase is the group authentication which takes place on the pix, and the second phase is when the client gets prompted with username/password window which the AAA server use to authenticate.
If you are successful in the group authentication and you are not prompted with the client username/password window it is a setting on your PIX. Make sure you have the following command enabled on the PIX
"crypto map map-name client authentication tag-name"
If the first phase is not successful you need to check your group name and password settings on the PIX and your VPN client software.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: