Re: Client Machine cannot see Active Directory



In news:6DE4492F-8DCE-48D2-AE41-30F26BA1272D@xxxxxxxxxxxxx,
Derek Schauland <DerekSchauland@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post,
which I then commented about below:
> I wish there were such an easy explanation.
>
> The box that cannot see the AD services is on 1.0 subnet in the
> office with a wired 100Mb connection. Currently there are no PCs on
> the wireless subnet.
>
>
> The PIX VPN allows all traffic between 1.0 and 0.0
>
> The problem started when we added the NAS box (a Dell PowerVault
> 745N) to the network at 192.168.1.90
>
> The PIX 515 at the office has an inside address of 192.168.1.254 and
> connects to the PIX 501 which uses DHCP from our provider on the
> outside address. (this setup works flawlessly)
>
> So there aren't any crazy circumstances for the problem machine to
> overcome... it is hooked up behind the PIX 515 on the 1.0 subnet.
>
> Last I spoke with the user she was able to get to the DFS shares and
> print, so the problem for the user has subsided, but these DNS errors
> seem to be lingering...
>
> Derek

At least I'm glad to hear some of the connectivity issues have subsided. I'm
still curious what caused them.

Here's an interesting issue I've come across with one of my clients. Their
IP range is 192.168.1.0, such as yours. When they are home, and they VPN in,
they cannot connect to internal resources. I've found they have a DSL/Cable
router at home set to 192.168.1.0. This will cause routing errors on the
client, which won't know what gateway to use, therefore it will use its
own set gate and not the VPN connection's. In this case, I usually walk them
through changing their IP range at home to make it work.

As for the PIX routing between two private subnets, I've seen issues, and
not saying it is only PIX or not PIX, but with Windows routing between two
private subnets and the thing is also offering NAT services, that LDAP and
other protocols will not get routed properly due to H.323 support. H.323
support lowers the PDU (process data units of a packet) to 64k where LDAP
under Windows (not sure if it applies to all other vendors) requires a
minimum of 300k. Disabling H.323 cures it.

Ok, back to the DNS errors. Maybe they're based on the IP range I mentioned?

Ace
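
The overlapping-range problem described in the reply above, as an added example that is not part of the original post: a simplified model of client route selection (longest prefix first, then lowest metric) showing why a home LAN on 192.168.1.0/24 keeps office-bound traffic off the VPN. The interface names, metrics, the host address 192.168.1.10 and the replacement range 192.168.50.0/24 are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str   # "lan" = home NIC, "vpn" = tunnel adapter (assumed names)
    metric: int


def select_route(routes, destination) -> Optional[Route]:
    """Pick the route a client would use: longest prefix, then lowest metric.

    Simplified model; real stacks add per-interface metrics and policy."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def overlapping(routes, vpn_interface="vpn"):
    """Return (local, vpn) route pairs whose networks overlap.

    The default route is skipped because it overlaps everything."""
    vpn = [r for r in routes if r.interface == vpn_interface]
    local = [r for r in routes
             if r.interface != vpn_interface and r.network.prefixlen > 0]
    return [(l, v) for l in local for v in vpn
            if l.network.overlaps(v.network)]


def build_table(home_lan):
    """Constructed routing table for a VPN client at home."""
    return [
        Route(ipaddress.ip_network("0.0.0.0/0"), "lan", 20),       # home router
        Route(ipaddress.ip_network(home_lan), "lan", 10),          # on-link LAN
        Route(ipaddress.ip_network("192.168.1.0/24"), "vpn", 30),  # office range
    ]


OFFICE_HOST = "192.168.1.10"  # constructed address of an internal server

if __name__ == "__main__":
    for home in ("192.168.1.0/24", "192.168.50.0/24"):
        table = build_table(home)
        chosen = select_route(table, OFFICE_HOST)
        clash = [(str(l.network), str(v.network)) for l, v in overlapping(table)]
        print(f"home LAN {home}: {OFFICE_HOST} leaves via {chosen.interface}, "
              f"overlaps={clash}")
```
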

