Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NSS2000 WAN/VPN Connectivity

We have a user that connects to the network over a VPN tunnel.  They cannot access the NSS2000.  The gateway is correct.  Disable WAN access is not checked.  Default network policy is allow traffic with no filters.

Anyone have any ideas?

9 REPLIES
Cisco Employee

Re: NSS2000 WAN/VPN Connectivity

I assume that the user has been created on the NSS200 correct?  Also, what access method are they trying FTP, CIFS?  Just trying pin-down some possible configuration issues.

Regards,

Glenn

New Member

Re: NSS2000 WAN/VPN Connectivity

Has anyone found a solution to this?

I have a NSS6000 connected to a MS SBS2003 AD.

The AD users show up in the NSS6000.

The AD users can access the NSS6000 when they are on the internal network.

When they try to connect via VPN, they are asked for another login and password. No login and/or password works, access is denied.

Help!

Cisco Employee

Re: NSS2000 WAN/VPN Connectivity

Is the VPN connection to a router or to your SBS box? When asked to login are they specifying domain; such as "mydomain\username"?

New Member

Re: NSS2000 WAN/VPN Connectivity

The MS SBS2003 is behind a combo router/firewall.

The VPN connect to the router/firewall first, gets forwarded to the SBS2003.

The VPN user has full access on the SBS2003 server, everything works.

They just can't connect to the NSS6000.

In the NSS6000, I checked the users and the domain users show up properly. So does the Domain Groups.

We've tried login using: user

                                   domain\user

                                   user@domain

                                   xxx.xxx.xxx.xxx\user

We are able to ping the nss6000 (from the vpn user), it responds with no issue.

It just won't let us get access to it.

------Update on problem------

The share is setup as a CIFS and users are AD users.

So for further testing, I created a local user and group and assigned them to the share. (Still no go)

I then modified the share and made it CIFS, NFS and FTP. I enabled both NFS and FTP. (Still no go)

However, I've been able to FTP into the nss 6000. (This is forward movement)

Both as the domain\user and the local\user.

Since I can ping and ftp into the nss6000, I know it is not hidden to the vpn users.

So the question becomes this: Why does the NSS 6000 refuse to give access to the CIFS share to my domain users that have valid access?

What is wrong with this Equipment?

Message was edited by: michel.beaulieu@atlantic-cad.com Oct-10-2009; 9:30am Atlantic time

Cisco Employee

Re: NSS2000 WAN/VPN Connectivity

Have the users dial the VPN connection before they log into their computers so the computer is authenticated on the domain prior to connecting to the NSS. The problem is that the NSS is not seing the computer as an authenticated device (not sure why). Once they do, the NSS should allow connections as expected. Please let us know if this works or not.

New Member

Re: NSS2000 WAN/VPN Connectivity

We've tried that also. We did both method, connect to internet first, vpn after, that didn't work. So we tried the "Dial a connection" first using the VPN and we got the same result.

As for the "NSS not seeing the computer as an authenticated device", I beleive you are partially correct.

I beleive it also doesn't see the user as an authenticated user and no matter how we try to log in, it will NOT let us log in.

I beleive there is a security issue with the NSS. Our users don't log into the NSS, we log into the MSSBS 2003 and we get authenticated there.

From that point the NSS should not be trying to figure out if we are authenticated.

For testing, I also turned on ftp and NFS. As for the NFS, it did not allow us any further/better connections/communication.

With ftp, we were able to connect to the NSS (once our vpn connection was established) and access the ftp folders. We were able to login to the FTP using the domain\user access. It authenticated us in, no issue. However, the user only had access to local user account folder and files, not the domain\user account folder and files.

I do have a call and case id in with LinkSys (as of Friday morning - Oct-9th) as we need to resolve this asap.

However we have not heard back from LinkSys yet on anything.

So, unless someone figures out if we have a bad setting on the NSS. (Which I would be happy to correct)

We may need to return this device for a full refund as it is not able to provided the proper services required and expected.

Michel

Cisco Employee

Re: NSS2000 WAN/VPN Connectivity

Working with Michel currently and Cisco Small Business Support Center.

I have been able to set up a lab environment simulating his network and as of today I have not been able to duplicate the problem. At the moment I feel that this may be raleted to DNS or configuration setting within RRAS. Once we discuss this further we will post results of outcome or workaround.

Cisco Employee

Re: NSS2000 WAN/VPN Connectivity

Working with Michel we were able to resolve the problem with VPN access to the NSS6000.

We changed the way the VPN connection was being created from using IC to RRAS, then we created a host A record within the DNS server (Domain Controller).

Once we completed these steps we were able to access the NSS with full domain rights as expected.

New Member

Re: NSS2000 WAN/VPN Connectivity

Just wanted to say thank you, best tech support I've had in a long time.

You guys know your equipment and your stuff!!

Thanks!

Michel

2963
Views
0
Helpful
9
Replies