General discussion


Win2k DC Login through VPN

By jeaster ·
I have the following configuration:

1 Win2K DC, on a private networkm, 192.168.100.x, connected to the "world" through a Cisco 506E Pix Firewall. I have a branch office, with a Cisco Pix Firewall (501), that has a permenant VPN tunnel to the main office. The inside of the branch office is net 192.168.1.x. Users can see domain resources, and use them (after authentication), through the VPN, even though their VPN address is 172.0.0.x. I want the users at the branch office to authenticate on login, instead of on resource access. Any thoughts? Is this a routing problem that they cannot really see the domain? I obviously could change the gatewatys and subnet masks, but I am not sure I want to do that.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by dgg In reply to Win2k DC Login through VP ...

There does not appear to be any routing issue due to the fact that branch office users are able to authenticate on access.

Have you verified that your remote clients are pointing to the correct DNS servers? Windows 2000 uses special DNS zones for authentication purposes. If your clients are not pointing to DNS servers that contain these sub-zones then they will not authenticate properly. These zones are in the format of _xxxx and can be seen by viewing the Zone entries on the DNS servers that control the domain. Entries on a Remote DNS server will not have these by default

Related Discussions

Related Forums