Logon on Windows 2000 Domain - Cisco VPN

By sheaffb

I want to configure remote users to log on to a Win2k Domain via a Cisco VPN.

Don't know how or if I can do this.

Any ideas?


by mshavrov In reply to Logon on Windows 2000 Dom ...

Do you want to authenticate your VPN sessions against the W2K Domain, or do you want to VPN in and then "log on to the W2K domain" with all scripts, etc.?

In the first case, you need to install a RADIUS server (for example, Cisco ACS server) and configure it as a "front-end" to the NT Domain (Active Directory).

In the second case, you should configure your clients' PCs to run the VPN client BEFORE the login screen. To do that with Cisco VPN Client, run the client, then go to Options --> Windows Logon Properties and check the "Enable start before logon" option. Now after a reboot you will get the Cisco VPN Client prompt, you will establish the VPN tunnel, and only then will Windows try to log on to the Windows Domain.

That's required if you want to simulate the "full logon process" with logon scripts, drive mounting, etc. If you just want to access resources on W2K servers, and your local username and password match the domain username and password, you may be able to see devices, mount drives, and access resources in your LAN through the VPN no matter when you established the tunnel.

If you have more questions or want more detailed explanation, just e-mail me.

Good luck,

Michael Shavrov
Cisco CCNP, CCDP, CCSP, CSS1, MCSE W2K, MCSE+I, Checkpoint CCSA, Security+, ...

by sheaffb In reply to Logon on Windows 2000 Dom ...


Now I am curious about the most effective ports to open.

We are more cautious lately about ports 135-137-139.

