[VPN] Active Directory Problems with Cisco VPN

Matt Martini martini at invision.net
Thu May 27 14:41:23 EDT 2004


Basim,

I am having a problem with Accessing Active Directory Resources
(Fileservers, Exchange) thru an IPSec tunnel using a Cisco Client 4.0.4
connecting to a Cisco 3005 VPN Concentrator. You state below that you
have gotten this to work. Do you have any procedures/suggestions/URLs
that I could use to resolve this issue?

Matt

PS I am not a member of the VPN list, pls. reply via direct email.

__________________________ http://www.invision.net/ _______________________

 Matthew E. Martini, PE        InVision.com, Inc.   (631) 543-1000 x104
 Chief Technology Officer      matt at invision.net    (631) 864-8896 Fax
_______________________________________________________________________pgp_


On Sat, 8 Nov 2003, Basim Jaber wrote:

> Here's some food for thought...
>
> Not all VPN clients are alike.  The two "main" types are "shim" and "virtual
> adapter".  If a VPN client can be installed and obtain its own IP, DNS,
> WINS, etc from the gateway and/or a DHCP server behind the gateway, then
> this is the best approach.
>
> However, the problem arises when VPN clients are installed in a shim mode
> and "bind" to existing Internet connections.  Clients that bind to existing
> connections will use the DNS, IP, WINS, etc from that connection.  So if you
> connected to the Internet via some remote ISP (via modem, ISDN, DSL, WiFi,
> Ethernet broadband, etc.), you'll get an IP address which your VPN gateway
> doesn't know about and you'll get DNS entries from that ISP which may only
> be able to resolve your external interface resources (i.e. the VPN gateway
> address, a web address, nothing internal).  In just about all the cases I've
> seen, a connection to the Internet with a remote ISP never hands down WINS
> addresses.  For that matter "shim" type VPN clients will fail to allow you to
> resolve NetBIOS hostnames.  Even if you use Active Directory DDNS, you
> still can't resolve as the AD DDNS servers would be behind the VPN gateway
> and the external DNS servers from the ISP don't contain name resolution
> records for your internal servers (they better not!).
>
> Here's a small list of the VPNs that I've worked extensively with which
> will let you get whatever the ISP gives you and then ALSO let you have an
> IP, DNS, and/or WINS from the VPN:
>
> - Cisco VPN 3000 Concentrator Series and VPN Client
