[VPN] Logging on to an NT domain via PIX-to-PIX VPN

shannong shannong at texas.net
Tue Jan 21 20:21:09 EST 2003


It's definitely possible.  You can treat the remote subnet across the
VPN like any other remote subnet.  There aren't really any special
considerations just because it's a VPN tunnel.  The one caveat to that
would be fragmentation due to IPSec overhead, but I don't think you need
to concern yourself with that.
 
The easiest way is to configure the workgroup clients with the IP
address of your WINS server in the domain to be joined. This will allow
them to find the DC when attempting to join the domain.  The clients will
then be on the domain and authenticated against it at login time.
 
If you don't have a WINS server, get one!  It will make your life so
much easier in an NT4 environment.  You can accomplish what you need
using LMHOSTS files to join the domain, but that would still require you
to use the IP addresses of servers when mapping drives, etc., unless they
are in the LMHOSTS file also.  WINS servers will alleviate a lot of
issues with broadcasts, slow connect times, etc.
 
-Shannon
 
-----Original Message-----
From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
Behalf Of Russell Sakne
Sent: Tuesday, January 21, 2003 10:19 AM
To: vpn at lists.shmoo.com
Subject: [VPN] Logging on to an NT domain via PIX-to-PIX VPN




Hi 

I skimmed the last year's archive and didn't spot anything too relevant
to my problem. 

We have two LANs which are connected to each other across the Internet
by an IPSec tunnel between two Cisco PIX firewalls. 

One end (London) is currently a small NT workgroup. 

The other end is our main office (Leicester) with an NT domain complete
with PDC and BDC. 

As it is, TCP/IP traffic passes merrily between the networks and
Leicester's NT servers can be logged on to if we specify their IP
addresses (either in the DNS or via a Hosts file), but there's no
domain-level authentication of the London users and machines so each new
server connected to requires a password. 

I would like the machines and users at London to become members of our
NT domain and log on to that domain ab initio (at the Ctrl-Alt-Del login
prompt). Is this feasible through the VPN tunnel we've got set up? What
do I need to configure (LMHosts?) 

Hope you can help 

Russell Sakne
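
For the LMHOSTS fallback mentioned in the reply, the entries a remote client needs to locate the domain controllers are easy to get wrong, because the domain `<1B>` (PDC) entry must be space-padded to exactly 15 characters before the `\0x1b` suffix. The generator below is an added example, not part of the original thread; the domain name, host names and addresses are constructed placeholders.

```python
# Added illustration: builds LMHOSTS lines for domain validation across a
# routed link (such as the PIX-to-PIX tunnel) when no WINS server exists.
# All names and addresses used here are constructed, not from the thread.
import ipaddress

NETBIOS_MAX = 15  # the 16th byte of a NetBIOS name is the service-type suffix


def _check_name(name):
    """Validate a NetBIOS name and return it in upper case, as registered."""
    if not name or len(name) > NETBIOS_MAX or any(c in name for c in ' "#\t'):
        raise ValueError(f"invalid NetBIOS name: {name!r}")
    return name.upper()


def dc_entry(ip, host, domain):
    """Host line for a domain controller: preloaded and tagged with its domain."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return f"{ip}\t{_check_name(host)}\t#PRE\t#DOM:{_check_name(domain)}"


def pdc_entry(ip, domain):
    """Domain<1B> line: name padded with spaces to 15 chars, then \\0x1b."""
    ipaddress.IPv4Address(ip)
    quoted = f'"{_check_name(domain):<{NETBIOS_MAX}}\\0x1b"'
    assert len(quoted) == 22  # exactly 20 characters between the quotes
    return f"{ip}\t{quoted}\t#PRE"


def build_lmhosts(domain, pdc, bdcs=()):
    """pdc and each item of bdcs are (ip, hostname) tuples."""
    lines = [dc_entry(pdc[0], pdc[1], domain), pdc_entry(pdc[0], domain)]
    lines += [dc_entry(ip, host, domain) for ip, host in bdcs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_lmhosts("EXAMPLEDOM", ("192.0.2.10", "LEI-PDC"),
                        [("192.0.2.11", "LEI-BDC")]), end="")
```
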
