Domain logon on VPN 1

[Buggeroo]

I have been trying for some time to get VPN up and running at work with a 3Com Superstack 3 firewall (which has build-in VPN support). The problem has been with domain accounts not being able to properly authenticate while connected to the VPN. I have set up WINS and IAS on the W2k server i want people to be able to connect to (it has all the file-shares and so on) and configured the firewall to use RADIUS. The problem is the &quot;There are no logon servers available to service the logon request&quot; error message. Although if I do a &quot;net use \\<servername> <password>&quot; I can connect to the shares fine. It is not a &quot;true&quot; domain-logon, but if I could just get it to do this automatically it would be a step in the right direction. Oh, BTW the clients are W2k pro and connecting with the Safenet/Soft-PK VPN client.

Sure hope someone can help.

 

[1delta]

I have the same hardware, but can't even get the Radius authentication working. How did you setup the IAS?

 

[Spider13]

Hello, I work for a very large corp. that has a huge amount of ras users and a load of users going to vpn as they get highspeed. Our users are all over the world, I support most of them from the helpdesk level, but have found myself doing the second level and third level support for them as well since no one really seems to know what is going on. (Thats what happens when 4 or 5 different teams have been working on the different parts of the whole and not as a team) Thats ok though I just received employee of the month for the entire company of 20000+ for the work I have been doing.
Anyway, We are using Nortel for the client and Rsa SecurID for the authentication. Nortel uses IPSec (and not pptp) and is not friendy with ISP's that block IPSec or use NAT -Though a new client just came out and has tested very well in using NAT. Here are issues that we have ran into.
1. DHCP Lease - while connected using IPSec your pc will not allow your ISP to renew the ip address, therefor you will be disconnected from your ISP and then vpn will drop and your isp will come back on so fast that it only appears that vpn has dropped. You can verify this by doing a ipconfig /all at teh command prompt and look at your lease, you will be kicked off at 87.5% of it. The new Client 4.5 will allow the isp to renew if it is the same address and will not be an issue no longer. Or if you use a router, the router will give your pc a lease of 24 hours by norm and the isp will not have anything to do with it.
2. domain login, you do not want your pc to try and connect to a domain before connecting with vpn (win 9x,me), either cancel past the first domain login, or select windows login instead of client for microsoft networks in the network configuration window. For windows 2000 and xp, you must have the correct cached credentials, this means either by connecting straight into the network via lan at least once, or login using dialup , after you cache then you can reset your passords just fine over vpn and it will cache correctly.
3. network resources, you must have your pc added to the domain to get full access to the network. If the pc is not connected (varies depending on the network) here you would only be able to view intranet pages and get to outlook, mapped drives and printers are unavailable. There are work arounds, but you must know your network pretty well to know what to change. But more or less the easiest way to not run into problems is just make sure your pc is added.
I have tons to write about and just wanted to touch base on a few things I will go more into detail over the time any specific questions feel free to ask.

 

[Rleeunc]

My PDC (and mail server-Exchange 5.5) are Nt 4.0 instead of W2k. We are using a Cisco 3000 VPN appliance and their client, and have NAT in place. On bootup of my laptop (XP-Pro) I hit ctrl-alt-del and get my network login screen with the VPN connect box sitting on top. I choose connect, and VPN dials my ISP and connects successfully. Then I put in my password for the network/workstation login screen, login and go to my desktop. Unfortunately my login script never runs, I can't map a drive manually, and Outlook 2002 says my Exchange server is not available. I went back in and put in the IP's for my DNS server and my WINS server, but neither helped. If I go to the command prompt, I can ping all my servers by IP, but not by name. Is this just a simple case of needing a LMHosts file, or more to it than this??? Thanks for your suggestions. Rlee@ncdoi.net

 

[Guest_imported]

VPN-data transmission fails + can't see network
I'm using a W98se box to access a W2K adv. server with VPN access. I can log to it, and do some files copying but later I find this problems:
(1) If I access my ISP using a dial-up modem and then connect to the VPN server, some minutes later data transmission stops, and I can not resume it anyway (either with the vpn or my ISP) untill the client PC is rebooted.
(2) To test if the above was a server or tunneling fault, I connected client and server directly, using 2 nic cards. I find that transmision work fine, but if I disconnect the client a few times, there is a point when I get an error stating that the server does not respond in time. But it's actually the client's fault, since the problem is gone only when client is rebooted.
(3) Of course I have the usual (looking at this forum) troubles to see the network.

Can anyone help me? Going for W2k on the client would be a little to much for the user, so a diffrerent solution would be better.