logon to windows domain from vpn

Posted on 2006-03-21
Last Modified: 2007-12-19
Hello Experts!

I'm currently setting up a VPN connection possibility for some of our 'nomad' workers. Having no prior experience with VPN, I'm somewhat stuck, as the documentation / help files do not really cover the gap between hardware and software solutions.

My network involves 3 servers, and say 25 PCs/notebooks. The solution I'm implementing involves a Zywall 35 firewall (as my network's default gateway and DHCP server), and Zyxel Security VPN client software for the notebooks. The notebooks and PCs use Windows XP Pro; the server OS is Windows Server 2000, SP4.

I have no problems in getting the tunnel up and running, and I can ping the computers (by IP address) on my office network from the VPN clients over the tunnel. The VPN client, however, does not seem to be authenticated on the domain network, as I can not use any of the mapped drives or access the defined shares.

1.) Do I need to establish a tunnel first, and then logon to the network (and if so how can this be done?)
2.) Despite my implementing a hardware solution, do I need to activate remote access service on my main server?...
3.) and do I need to set any special permissions or create/modify a policy?
4.) The domain DNS server address does not seem to be forwarded properly, as I need to modify the host file by hand and add the entries in order to access them by name.

Any answers to above will probably raise more questions, but thanks anyway for helping me out on this one.

Question by:richard_harri
    LVL 1

    Accepted Solution


    As far as clients connecting normally, you can have them connect either by VPN (the dial-up option @ ctrl-alt-delete) or, once they have logged into their laptops, manually launch the connection.

    As far as the configuration of the clients goes, they need to use the Zywall's internal IP as their gateway, which it should hand out if it functions as the DHCP server for the clients. When a client is connected and you do an ipconfig /all, you need to check that the Zywall is handing out a relevant IP address that can route to your internal network, and a relevant DNS address. Once you have established that those are correct, you should be able to ping those by name and thus all your networking issues are resolved.

    As far as answering your questions in order above:-
    1) No, it doesn't matter normally (there may be a limitation on your Zywall software, but I doubt it).
    2) If you are using a hardware solution, stick with it. It's tougher to set up usually, but it means you don't have to expose an MS box with PPTP to the internet, which has been known to have some security issues with MS's version of PPTP, and which would defeat the object of your hardware solution (providing you are using L2TP and IPsec).
    3) Not sure what you mean by permissions, but as far as your MS network goes you don't, unless you use the software solution and MS VPN RAS, in which case you can create a RAS policy or allow access by individual user on the AD & C tab.
    4) As mentioned first, you need to configure your router/firewall to hand your internal DNS out to your VPN clients - or just use a hosts file - group policy is an easy way to do that.

    And i think that just about covers it all.

    LVL 3

    Assisted Solution

    Once the VPN client establishes a tunnel, and they can ping the network servers, they should be able to authenticate to the domain when they try to access a domain resource. So if they try to access their mapped network drive, it should ask for user name and password. The format is to put domain\username, then the password. Don't forget to put the domain name followed by \ before the user name. Also, you may need to use the server IP address rather than the NetBIOS name. Ex: Start->Run \\server01, replaced with \\ (whatever the server's IP address is).
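The checks the two answers above describe (what address, gateway and DNS server the firewall's DHCP handed to the tunnel, whether a domain controller can be found and reached, and then mapping the share by IP with explicit DOMAIN\username credentials) can be run as one script. This is an added example, not part of the original thread or of any Zyxel or Microsoft documentation; the domain name, the server IP, the internal subnet and the share name are placeholder assumptions, and the cmdlets used need Windows 8 / Server 2012 or later, so it would not run unchanged on the XP clients in the question.

```powershell
# Added example: VPN client sanity checks before mapping a domain share.
# All values in the param() block are assumptions, not from the thread.
param(
    [string]$Domain   = 'corp.example.local',  # assumed AD DNS domain name
    [string]$ServerIp = '192.168.1.10',        # assumed internal file/domain server
    [string]$Subnet   = '192.168.1.*',         # assumed internal subnet
    [string]$Share    = 'Data',                # assumed share name
    [string]$Drive    = 'Z'
)

# 1. What did the firewall's DHCP hand to the tunnel adapter? (ipconfig /all equivalent)
$cfg = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway -or $_.DNSServer }
foreach ($c in $cfg) {
    '{0}: IP={1} GW={2} DNS={3}' -f $c.InterfaceAlias,
        ($c.IPv4Address.IPAddress -join ','),
        ($c.IPv4DefaultGateway.NextHop -join ','),
        ($c.DNSServer.ServerAddresses -join ',')
}

# The question's symptom (names only work via a hand-edited hosts file) means the
# assigned DNS server is not the internal one; warn if none lies on the internal subnet.
$internalDns = $cfg.DNSServer.ServerAddresses | Where-Object { $_ -like $Subnet }
if (-not $internalDns) {
    Write-Warning 'No internal DNS server assigned to the VPN client; domain names will not resolve.'
}

# 2. Can the client locate a domain controller through the tunnel?
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    'Domain controllers: ' + ($srv.NameTarget -join ', ')
} catch {
    Write-Warning "SRV lookup for $Domain failed: $($_.Exception.Message)"
}

# Kerberos (88), LDAP (389) and SMB (445) must all be reachable, or the firewall's
# VPN rules are blocking domain traffic even though ping works.
foreach ($port in 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $ServerIp -Port $port -WarningAction SilentlyContinue
    'Port {0} on {1}: {2}' -f $port, $ServerIp, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# 3. Map the share by IP with explicit DOMAIN\user credentials, as the second answer describes.
$cred = Get-Credential -Message "Enter credentials as $Domain\username"
New-PSDrive -Name $Drive -PSProvider FileSystem -Root "\\$ServerIp\$Share" `
    -Credential $cred -Persist -Scope Global
```

One caveat on the "use the IP address" workaround: connecting to \\192.168.1.10 instead of \\server01 skips name resolution, but it also means the client authenticates with NTLM rather than Kerberos, because there is no Kerberos service ticket for a bare IP on servers of that era. Getting the firewall to hand out the internal DNS server, so that the server name and the domain's SRV records resolve, is the fix that makes the domain logon itself work rather than just the share.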

    Author Comment

    Hello micror!

    Thanks for your speedy response. I seem to be having trouble getting the Zywall to forward the default gateway address

    ...or do I have to enter this manually in the client configuration?
       If this is the case this would imply using a fixed IP address, as it can not be changed otherwise in the TCP/IP properties

    ..same applies to DNS forwarding, or not?

    Anyway, I'll be digging through the heaps of Zyxel manuals and info.



    Author Comment

    Hi Maharlika!

    When connecting to server either by name or IP address, I get a "\\ not accessible. You might not have permission to ..bla bla bla,".

    Any leads on this?


    LVL 1

    Expert Comment


    What I mean is, if you are connecting to the outside interface of your firewall and it is set up as a VPN server (for want of a better description), you need to configure its DHCP capability to assign addresses, and therefore gateway and DNS addresses, to your remote clients.

