IainChapman
IS-IT--Management
Hello There,
We have a Nortel VPN system which is managed by Sprint.
At our main site we have a Nortel Contivity 1700 unit, and each remote user has an RSA Keyfob token. The Clients (Windows 2000/XP) are running Nortel Contivity VPN Client V4.64.320.
My problem is that my German users cannot reach their Active Directory Windows 2000 file server when connected via the VPN. The Active Directory domain is limited to the German site.
What confuses the situation (for me at least) is that they CAN access the File Server via the VPN if:
1) they log into their client PC using a local PC account - rather than the cached domain account details
or
2) the PC isn't a member of the Active Directory domain.
At a simple level the traffic can reach the server - i.e. PING / Trace Route all show that the traffic hits the server and is returned.
On the Contivity 1700 we are employing its stateful firewall to limit what the clients can actually do via the VPN. When it came to Microsoft network the ports that were opened are tcp/udp 135, 137, 138, 139 and 445.
For reference we have a Sprint line coming into the main site, connected to the Nortel Contivity 1700. The main site and the German site communicate over an MCI PIP network.
Does anyone have any thoughts as to what I'm doing wrong please? This appears to be functioning for our other sites (France, Italy, UK).
Thanks
Iain Chapman
Lambda