Getting Authenticated using Cisco VPN Client 4.01

[bubarooni]

I have finally got my PIX 506 accepting vpn clients but now I've run into a problem I hadn't really foreseen. Once I establish the vpn I have no access to network resources! Is there a way to be authenticated on a WinNT 4.0 network once I have got past the PIX?

 

[baddos]

The Cisco Client has an option to "Start before login". Then you could setup your computer to login to the NT domain when you login into your local computer.

 

[bubarooni]

There is a 'Prompt for Network Logon Credentials' but that doesn't seem to do the trick. I have also set my remote computer to match the network config at work (DNS, WINS, etc). Still, I don't have access to everything. I can browse the network and even shares on machines but can't, for example, open my own home drive on one of the servers.

My office network has a 192.168.1.x net address range. VPN Clients use a 192.168.100.x address range (the 'ip local pool' on the PIX). This is done to avoid a known routing issue with the 4.01 client and the PIX. A Cisco tech told me I'd be courting trouble if I didn't do that.

Could that be the problem? Do I need to 'authorize' (set up a trust somehow perhaps)the .100.x address pool?

Thanks,
Kelly

 

[baddos]

Can you ping through your VPN?

 

[yizhar]

HI.

Is your VPN client behind a NAT or FIREWALL device?
Try with a dial up connection, what do you get?
Can the VPN client machine ping the pix outside interface (without establishing VPN connection)?

And as baddos asked -
Can you ping the server?
Try to ping both by IP address and by name.


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[azstyx]

can you post your config?
#sh conf
#sh run

 

[bubarooni]

Thanks for your posts. Everyone asking me about the config got me looking at it again. I redid the isakmp policy for the dialins and they are working now. I thought sure it was something to do with the client. Thanks again.