Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Domain login problems on lan to lan vpn

I have two pix 501 firewalls that are connected as a VPN. I cant see the other network in network neighborhood. When I try to add a pc to the domain from the remote side I get an error. In 2000 it is network path unavailable and it windows 98 I get The domain password you supplied is incorrect or access to the login server has been denied. I checked technet and had Cisco look at it and they say it is a Microsoft issue. I just dont believe that. I can ping it with no problems. Please help.

2 REPLIES
New Member

Re: Domain login problems on lan to lan vpn

It can be one of the folowing:

1. MTU issue

2. Windows name resolution issue (DNS & Wins)

3. NTLMv2 authentication on win98

Troubleshooting first case:

Try to investigate you maximum MTU with "ping -f -l 1300 remote_host" increasing packet size ( 1350, 1400, 1420, etc) until you get "fragmentation failed" error. After try to enforce MTU adjust on pix.

Second case:

If you have active directory you must have internal, active directory integrated DNS server. Add this DNS server address as a first to all remote site hosts.

Don’t forget to configure same domain name under "My Computer>Properties...>Network Identification>Properties>More...>Primary DNS suffix"

If you want to join Win95 configure Wins server on the server. Reconfigure server to use Wins by himself, Restart server (host are only registering names in wins during restart), configure client to use Wins.

On the same subnet there is usually no domain name resolution problems, because windows resolve names with NBT broadcasts. In you case broadcasts are blocked.

Please report on you success.

Third:

By default NTLM and more secure NTLMv2 autht are bouth allowed on win2000 domain controllers. But NTLM can be disabled for security.

Install active directory client for Win98 to enable NTLMv2 authentication. Client available somewhere on win2000 server CD.

New Member

Re: Domain login problems on lan to lan vpn

It is a win nt server. So there is no active directory. I will try the other things. Thanks.

118
Views
0
Helpful
2
Replies