Remote Access/PIX VPN/Windows question

Status
Not open for further replies.

WANguy2k

MIS
Feb 25, 2002
US
We currently have a Windows 2003 network with a PIX 515e firewall. Our mobile clients have been working from home using a Citrix virtual desktop we run from a web site. However, when users need to copy files and work on them offline, it's too hard for them to copy back and forth from the mapped client drive, etc. inside the Citrix window. There are also other apps I'd like to have the users run from their home PC but access the data on the company network.

I wanted to set up VPN to do this. I originally set up a PPTP VPN connection, but I could not browse the network from home, because even though the VPN connection was established, I was not logged on to the domain. I then tried the Cisco VPN client software, but it seems the only way to actually log on to the company domain is to start the VPN client software when the PC is turned on, and type in your logon information when it attempts to connect. If you don't want to use the VPN connection, you have to cancel out of the VPN client logon screen each time you start your PC.

The Question: Is there a method of making a connection to a Windows network through the internet, and having the client PC log on, get mapped drives, etc. when the connection is made? I looked at Routing and Remote Access Server, but it doesn't look like that's it.

Any suggestions would be appreciated.
 
You can map drives easily using the Cisco VPN client -- just right-click on My Computer, Map Network Drive, and enter the UNC path (meaning \\server\share). You'll need to click the "Login as different user" and enter

user = DOMAIN\user
password = password

That's it. When they connect the VPN, the drives are available. When it's not connected they aren't readable, but it doesn't cause any problems. VPN is encrypted as well, so more secure than other methods.

There are ways to join the remote machines to the domain all the time; check the PIX forum here for more info...

 
WANguy2k,

At my organization, we have had a similar challenge. We have a PIX 515e-ur and a 515e-fo (failover). We also started the migration from NT4 to Windows 2003 Server (Mixed Mode).

We encountered a problem with two of our database frontend clients accessing the databases over the network (which requires domain authentication). So far, I've been at two houses of the beta testers for the VPN solution, and only come up with two methods that work.

a) (If this is the company's equipment) Add the remote machine to the domain, configure the VPN connection for the domain profile, and allow the mobile worker to use that.

b) Create a local account on the local machine that matches the same username and password as the domain account for that user. Configure the (it may or may not be a company machine, but this is just something that worked).

NOTE: In scenario b), remember that when the password changes on the domain, you need to change the password on the mobile user's machine to match; otherwise, you'd be pulling your hair out on the forum trying to figure out what went wrong.
 
You mean solution B works? I can't believe it. I'll try it out.
 