I had a lot of trouble while trying to configure Windows VPN clients to connect to an internal network through a PIX.
W98 clients could not authenticate on the Microsoft domain, while W2000 clients authenticated themselves and therefore accessed the network resources, but still could not browse the internal network the way they did while on the LAN.
An almost identical configuration was working in other sites.
Finally, removing the PCMCIA-Ethernet, disabling the Network Card or changing its IP address solved the problem.
I was able to authenticate with W98, and browsing the internal resources worked just fine. (W2000 is still under testing.)
The intranet was 10.0.0.0/16, and my NIC was configured for 10.0.0.x/24.
I guess the PC tries to reach the WINS server (and get information about the PDC) through the Ethernet NIC, unless it is disabled or on a different subnet (that was the case with the other working sites).
The VPN clients were DHCP clients, but they retained the IP address even after a restart.
We had to give an "ipconfig /release" command to let the VPN work properly.
A script that launches that command first, and then opens the VPN client seems to be a solution, but actually it is just a workaround.
I don't know if anyone already solved that problem in some other way.
I could not find anything better than this while searching on the internet or in the docs.
I'd like a more elegant solution, though.
Aram Gurekian - alter.net srl
PS: please note that the name "INTERNET & MULTIMEDIA" at the right of my name in the post headers is *incorrect*. I don't seem to be able to change it without losing something somewhere else. Any Cisco web-programmer listening?!? :))
This is a Microsoft issue: it will always send the packet out the NIC if it has the same network address as what you're trying to get to over the tunnel. There's no way around it other than removing the IP address off the NIC (or changing the address to be something different).
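
The overlap described in this thread can be checked before the VPN client is started. The following is an added example, not code from either poster or from Cisco: it uses a simplified longest-prefix-match model of route selection (metrics are ignored), and the host address `10.0.0.25`, the WINS server address `10.0.0.10`, the replacement subnet `192.168.50.0/24` and the interface names are constructed sample values.

```python
import ipaddress

INTRANET = "10.0.0.0/16"                   # network behind the PIX (from the thread)
BEFORE = {"ethernet": "10.0.0.25/24"}      # constructed host in the 10.0.0.x/24 range
AFTER = {"ethernet": "192.168.50.25/24"}   # constructed: NIC moved to another subnet
WINS_SERVER = "10.0.0.10"                  # hypothetical internal server address


def conflicting_interfaces(local_interfaces, tunnel_network):
    """Return (name, subnet) for each local NIC whose subnet overlaps the tunnel network."""
    tunnel = ipaddress.ip_network(tunnel_network)
    conflicts = []
    for name, cidr in local_interfaces.items():
        subnet = ipaddress.ip_interface(cidr).network
        if subnet.overlaps(tunnel):
            conflicts.append((name, str(subnet)))
    return conflicts


def build_routes(local_interfaces, tunnel_network, tunnel_name="vpn"):
    """On-link route per NIC plus one route for the network reached over the tunnel."""
    routes = [(ipaddress.ip_interface(c).network, n) for n, c in local_interfaces.items()]
    routes.append((ipaddress.ip_network(tunnel_network), tunnel_name))
    return routes


def egress(local_interfaces, destination, tunnel_network=INTRANET):
    """Name of the interface that wins longest-prefix match, or None if no route matches."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in build_routes(local_interfaces, tunnel_network) if dest in r[0]]
    if not matches:
        return None
    # The most specific (longest) prefix wins: the NIC's /24 beats the tunnel's /16.
    return max(matches, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    for label, nics in (("before", BEFORE), ("after", AFTER)):
        print(label, "conflicts:", conflicting_interfaces(nics, INTRANET))
        print(label, "WINS traffic leaves via:", egress(nics, WINS_SERVER))
```

With the overlapping /24 on the NIC, traffic for the internal server never enters the tunnel, while addresses elsewhere in the /16 still do, which is consistent with the partial connectivity reported above.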