Logon to Windows domain from VPN

Hello Experts!

I'm currently setting up a VPN connection possibility for some of our 'nomad' workers. Having no prior experience with VPN, I'm somewhat stuck as the documentation / help files do not really cover the gap between hardware and software solutions.

My network involves 3 servers, and say 25 PCs/notebooks. The solution I'm implementing involves a Zywall 35 firewall (as my network's default gateway and DHCP server), and Zyxel Security VPN client software for the notebooks. The notebooks and PCs use Windows XP Pro; the server OS is Windows Server 2000, SP4.

I have no problems in getting the tunnel up and running, and I can ping the computers (by IP address) on my office network from the VPN clients over the tunnel. The VPN client however does not seem to be authenticated on the domain network, as I cannot use any of the mapped drives or access the defined shares.

1.) Do I need to establish a tunnel first, and then logon to the network (and if so how can this be done?)
2.) Despite my implementing a hardware solution, do I need to activate remote access service on my main server?...
3.) and do I need to set any special permissions or create/modify a policy?
4.) The domain DNS server address does not seem to be forwarded properly, as I need to modify the host file by hand and add the entries in order to access them by name.

Any answers to above will probably raise more questions, but thanks anyway for helping me out on this one.



As far as clients connecting normally, you can have them connect either by VPN (the dial-up option @ ctrl-alt-delete) or, once they have logged into their laptops, manually launch the connection.

As far as the configuration of the clients goes, they need to use the Zywall's internal IP as their gateway, which it should hand out if it functions as the DHCP server for the clients. When a client is connected and you do an `ipconfig /all`, you need to check that the Zywall is handing out a relevant IP address that can route to your internal network, and a relevant DNS address. Once you have established that those are correct, you should be able to ping those by name and thus all your networking issues are resolved.

As far as answering your questions in order above:-
1) No, it doesn't matter normally (there may be a limitation on your Zywall software but I doubt it).
2) If you are using a hardware solution, stick with it; it's tougher to set up usually but means you don't have to expose a MS box with PPTP to the internet, which has been known to have some security issues with MS's version of PPTP and defeats the object of your hardware solution (providing you are using L2TP and IPsec).
3) Not sure what you mean by permissions, but as far as your MS network goes you don't, unless you use the software solution and MS VPN RAS, in which case you can create a RAS policy or allow access by individual user on the AD & C tab.
4) As mentioned first, you need to configure your router/firewall to hand your internal DNS out to your VPN clients - or just use a host file - group policy is an easy way to do that.

And I think that just about covers it all.
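The `ipconfig /all` check described in the answer above, as an added Python example that is not part of the original thread: it parses the command's output per adapter and reports whether the client's IP address and DNS servers fall inside the office network. The adapter names, all addresses and the `10.0.0.0/24` office subnet are constructed assumptions, and the parser assumes English-language output in the Windows XP layout.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output; adapter names and addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.23
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53

Ethernet adapter VPN Virtual Adapter:

        IP Address. . . . . . . . . . . . : 10.0.0.201
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 10.0.0.10
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def as_ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def parse_ipconfig(output):
    """Return {adapter: {field: [values]}} parsed from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in filter(str.strip, output.splitlines()):   # skip blank lines
        if not line[0].isspace():                 # unindented: section header
            current, last = adapters.setdefault(line.rstrip(" :"), {}), None
        elif as_ip(line) is not None and last:    # bare address: continuation
            current[last].append(line.strip())
        elif (m := FIELD.match(line)) and current is not None:
            last = m.group(1)
            current[last] = [m.group(2)] if m.group(2) else []
    return adapters

def check_vpn_settings(adapters, internal_net):
    """Per adapter: is its IP inside internal_net, and which DNS servers are?"""
    net, report = ipaddress.ip_network(internal_net), {}
    for name, fields in adapters.items():
        ips = [ip for v in fields.get("IP Address", []) if (ip := as_ip(v)) is not None]
        dns = [d for v in fields.get("DNS Servers", []) if (d := as_ip(v)) is not None]
        report[name] = {"ip_internal": any(ip in net for ip in ips),
                        "dns_internal": [str(d) for d in dns if d in net],
                        "dns_external": [str(d) for d in dns if d not in net]}
    return report

if __name__ == "__main__":  # 10.0.0.0/24 is an assumed office subnet
    print(check_vpn_settings(parse_ipconfig(SAMPLE), "10.0.0.0/24"))
```

An adapter whose `dns_internal` list is empty while the tunnel is up matches the symptom in question 4: names resolve only through the hosts file, and lookups for internal names go to a resolver outside the office network.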


Once the VPN client establishes a tunnel, and they can ping the network servers, they should be able to authenticate to the domain when they try to access a domain resource. So if they try to access their mapped network drive, it should ask for user name and pw. Format is to put domain\username, then pw. Don't forget to put the domain name followed by \ before the user name. Also, you may need to use the server IP address rather than NetBIOS name. Ex: Start->Run \\server01, replace with \\ (whatever is the server's IP address)
richard_harri (Author) commented:
Hello micror!

Thanks for your speedy response. I seem to be having trouble getting the Zywall to forward the default gateway address...

...or do I have to enter this manually in the client configuration?
If this is the case this would imply using a fixed IP address, as it cannot be changed otherwise in the TCP/IP properties.

...same applies to DNS forwarding, or not?

Anyway, I'll be digging through the heaps of Zyxel manuals and info.


richard_harri (Author) commented:
Hi Maharlika!

When connecting to server either by name or IP address, I get a "\\ not accessible. You might not have permission to ..bla bla bla,".

Any leads on this?



What I mean is, if you are connecting to the outside interface of your firewall and it is set up as a VPN server (for want of a better description), you need to configure its DHCP capability to assign addresses, and therefore gateway and DNS addresses, to your remote clients.
