Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
2
Replies

DNS and AD Issues

kaoslife
Level 1
Level 1

‎05-24-2006 08:38 AM

We are in the process of replacing a PIX with a 2821 running the VPN feature set. When we put in place and terminte a VPN tunnel to the PIX at the far end, then connection and tunnels appears to come up fine, but we seem to be having some issues with DNS and/or AD. The PC on the remote networks can ping the central Domain contollers, but when they go to logon, they can logon onto the network, but are unable to run the logon script wihich maps drive, printers and applies the security policy. Anyone see this before or have any ideas

Labels:
0 Helpful
2 Replies 2

ssoberlik
Level 4
Level 4

‎05-30-2006 07:33 AM

Are you getting any error messages?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ssoberlik

‎05-30-2006 11:34 AM

Is it possible that in the process of making changes something was done that prevents PMTUD (Path MTU Discovery) from working. This could produce a problem with packets that are large, require fragmentation, but can not be fragmented. I have seen this happen when someone decided to deny ICMP (including the ICMP error fragmentation required but DF set which is essential to PMTUD).

You might try configuring ip tcp adjust-mss on the 2821 and setting the segment size to a fairly low value (I have had good success with 1370) and see what happens.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents