Cisco Support Community
New Member

W2K logon through a VPN tunnel over ADSL problem

Problem:

When I try to log on to our W2K domain with the Cisco 3000 VPN client 3.5.1(C) using the "enable start before logon" option, I'm only able to log on with cached information. I can ping all my servers in the network (IP addresses or names), I can telnet to devices, but I can't open my mail or connect to shares.

I already tried this with a WXP and a W2K PC because of the difference in the use of the PPPoE protocol (embedded in XP).

If I try this with an ISDN or modem dial-up connection I CAN log on to the domain and then I CAN connect to shares, open my mail, and so on.

SETUP:

A concentrator 3015 set up with an internal database with 1 user (for testing) and a route to our internal network (10.x.y.z).

All traffic is tunneled over port 80.

Has anyone had the same problem? I have currently logged this problem with 3 different providers, but none has a workable solution yet.

3 REPLIES
New Member

Re: W2K logon through a VPN tunnel over ADSL problem

I got it working for WXP clients using the following article.

The MTU was changed, but not only the LAN MTU had to be changed; the dial-up MTU also had to be changed in order to make it work (overhead).

http://www.cisco.com/warp/public/707/ipsec_debug.html

New Member

Re: W2K logon through a VPN tunnel over ADSL problem

We resolved the problem by forcing Kerberos to always use TCP instead of UDP on the client machines. To do this, apply the following registry fix:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
"MaxPacketSize"=dword:00000001

New Member

Re: W2K logon through a VPN tunnel over ADSL problem

Is the MTU set between 1200 and 1400?
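
The two fixes raised in the replies above (MTU and Kerberos over TCP) can be checked from a client with the following added example, which is not part of any post in this thread: it reads the MaxPacketSize value and finds the largest don't-fragment ping that gets through the tunnel. The target address 10.0.0.10, the function names and the availability of PowerShell on the client are assumptions.

```powershell
# Added example, not from the thread. Run on the VPN client with the tunnel up.
param(
    [string]$Target = '10.0.0.10',  # constructed placeholder: a host behind the tunnel
    [switch]$Apply                  # also write MaxPacketSize=1 (needs elevation)
)
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

function Get-KerberosMaxPacketSize {
    # Configured value, or $null when absent (the OS default then applies).
    $p = Get-ItemProperty -Path $key -Name MaxPacketSize -ErrorAction SilentlyContinue
    if ($null -ne $p) { return $p.MaxPacketSize }
    return $null
}

function Test-Unfragmented([string]$HostName, [int]$Payload) {
    # ping -f sets Don't Fragment, -l sets the ICMP payload size.
    # An echo reply line contains "TTL="; local DF errors and timeouts do not.
    $out = & ping.exe -n 1 -w 2000 -f -l $Payload $HostName
    return [bool]($out | Select-String -SimpleMatch 'TTL=' -Quiet)
}

function Get-PathMtu([string]$HostName, [int]$Low = 500, [int]$High = 1472) {
    # Binary search for the largest DF payload that is answered.
    if (-not (Test-Unfragmented $HostName $Low)) { return $null }
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2.0)
        if (Test-Unfragmented $HostName $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low + 28   # payload + 20-byte IPv4 header + 8-byte ICMP header
}

$current = Get-KerberosMaxPacketSize
if ($null -eq $current) { 'MaxPacketSize: not set (OS default applies)' }
elseif ($current -eq 1) { 'MaxPacketSize: 1 (Kerberos uses TCP)' }
else { "MaxPacketSize: $current (UDP used for messages up to this size)" }

$mtu = Get-PathMtu $Target
if ($null -eq $mtu) { "No DF reply from $Target with a 500-byte payload" }
else { "Largest unfragmented IPv4 packet to ${Target}: $mtu bytes" }

if ($Apply -and $current -ne 1) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name MaxPacketSize -PropertyType DWord -Value 1 -Force | Out-Null
    'MaxPacketSize set to 1; restart the machine for it to take effect.'
}
```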
