PIX2PIX IPSec NT Domain Login Failure

asafayan

Aug 2, 2001
I have successfully established an IPSec site to site tunnel with the 2 endpoints being a PIX 515 with 6.21ED code and a PIX 506E with 6.12 code.

The problem is that when I reboot the Windows client, the NT domain login fails. If I cancel out of the login dialog box and go to a command prompt and ping a host on the remote LAN, the tunnel comes up. Immediately after this, I can do a SHUT DOWN>>LOG OFF>> and do a successful NT domain login.

I can see network traffic on the inside interface of the PIX when I reboot my PC and assume this is the client performing its login process. But it appears that this is not deemed as interesting and therefore doesn't bring up the tunnel.

With the VPN client application, there is a setting that allows you to initiate the remote access tunnel prior to the login process. I need the equivalent type of solution for this site to site tunnel.
 
Hi.

* Are you sure you want to log in to domain via the VPN tunnel?
Did you consider other options like a local login with same name and password as those at the domain?

* What is the OS of the client?
* What is the server OS?

* How is name resolution handled?
WINS or local LMHOSTS might solve some problems.

Bye
Yizhar Hurwitz
 
Thanks Yizhar. Client is WIN98. Server OS is WIN NT 4.0.

This remote site client needs to have domain authentication to access resources located at the HQ. The client IP addresses and other relevant info such as WINS and DNS are statically assigned. So no LMHOSTS involved at the moment.

I don't know what kind of process is involved when the client boots and initiates the domain login process. But it seems that the domain login process is not "interesting" and therefore not initiating the tunnel setup.

My access-list to determine interesting traffic simply identifies the source address as being from the remote site and the destination address as being that of the HQ location.
 