Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PPTP with PIX

Status
Not open for further replies.
rdoucet

rdoucet

IS-IT--Management
May 11, 2001
15
US
I posted this in the VPN section before I knew this one existed, so i've brought it over here (no replies over there anyway.)

I have set up a PIX 515 to use PPTP as the VPN using the Windows VPN client. I can log in with NT, 2000 and ME, but when trying to log in with Windows 98 I get the error message error, "691 Access denied because username and/or password is invalid on the domain"

Anyone know of a way around that? It is ONLY with 98.

Thanks,
BK
 
Sort by date Sort by votes
I don't remember the details, but does your copy of Win 98 have the latest Dial-up Networking (I think you need 1.3) for this to work.

*been a long time since I had to use Win 98* (or at least it seems long :)

 
Upvote 0 Downvote
Sure do. I found the problem last night. It was passing the domain name in front of the username, as if trying to log into a domain. PIX\rdoucet for me to log into a domain named PIX. I had to delete the registry key for the Authenticating Agent, then I could log in. In NT it asks you for the domain and I left it blank. 98 doesn't give you the option, it just adds it.

Thanks for your reply.
 
Upvote 0 Downvote
rdoucet - I am also experiencing this issue, can you explain in more depth where you needed to go in the registry to remove the Authnticating Agent from the VPN adapter?

We have majority of Windows 98 workstations that use the VPN to the Cisco and only a few 2000 workstations which do not experience this issue. Anything you can provide will be greatly appreciated.

I can be reached at jlvandusen@icecomputers.net

Thank you.

James
 
Upvote 0 Downvote
The key is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP32\NetworkProvider\AuthenticatingAgent. You'll see that it's set to whatever the Domain is when they log on. You can delete this key, but that is a temporary fix. A more permenant fix, since they are probably logging in to a single PDC when remote as well would be to create the username in the PIX as "Domain\Username". For example, let's say I normally log into the Domain name TEKTIPS with a username of rdoucet, I would set up the pix account name as TEKTIPS\rdoucet.

With a 98 machine, I enter my VPN username as rdoucet. It automatically adds that to the end of TEKTIPS\ and passes the name as TEKTIPS\rdoucet. If running a NT or 2000 machine there is the added line of the Domain. I simply put my username (rdoucet) and password, and in the Domain box put the TEKTIPS and it again passes it as TEKTIPS\rdoucet.

I've tried this all out and it works great. I hope you have the same results as I did.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
285
Sameer258
Sameer258
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
76
ISDPCMAN
ISDPCMAN
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
61
xwray
xwray
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
113
hairlessupportmonkey
hairlessupportmonkey
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
71
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top