Logon to Windows domain from VPN

Posted on 2006-03-21
Medium Priority
Last Modified: 2007-12-19
Hello Experts!

I'm currently setting up a VPN connection possibility for some of our 'nomad' workers. Having no prior experience with VPN, I'm somewhat stuck as the documentation / help files do not really cover the gap between hardware and software solutions.

My network involves 3 servers, and say 25 PCs/notebooks. The solution I'm implementing involves a Zywall 35 firewall (as my network's default gateway and DHCP server), and Zyxel Security VPN client software for the notebooks. The notebooks and PCs use Windows XP Pro; the server OS is Windows Server 2000 (SP4).

I have no problems in getting the tunnel up and running, and I can ping the computers (by IP address) on my office network from the VPN clients over the tunnel. The VPN client however does not seem to be authenticated on the domain network, as I cannot use any of the mapped drives or access the defined shares.

1.) Do I need to establish a tunnel first, and then logon to the network (and if so how can this be done?)
2.) Despite my implementing a hardware solution, do I need to activate remote access service on my main server?...
3.) and do I need to set any special permissions or create/modify a policy?
4.) The domain DNS server address does not seem to be forwarded properly, as I need to modify the host file by hand and add the entries in order to access them by name.

Any answers to above will probably raise more questions, but thanks anyway for helping me out on this one.

Question by:richard_harri

Accepted Solution

micror earned 1200 total points
ID: 16247845

As far as clients connecting normally, you can have them connect either by VPN (the dial-up option @ ctrl-alt-delete) or, once they have logged into their laptops, manually launch the connection.

As far as the configuration of the clients goes, they need to use the Zywall's internal IP as their gateway, which it should hand out if it functions as the DHCP server for the clients. When a client is connected and you do an ipconfig /all, you need to check that the Zywall is handing out a relevant IP address that can route to your internal network, and a relevant DNS address. Once you have established that those are correct, you should be able to ping those by name and thus all your networking issues are resolved.

As far as answering your questions in order above:
1) No, it doesn't matter normally (there may be a limitation on your Zywall software but I doubt it).
2) If you are using a hardware solution, stick with it. It's tougher to set up usually, but means you don't have to expose an MS box with PPTP to the internet, which has been known to have some security issues with MS's version of PPTP and defeats the object of your hardware solution (providing you are using L2TP and IPsec).
3) Not sure what you mean by permissions, but as far as your MS network goes you don't, unless you use the software solution and MS VPN RAS, in which case you can create a RAS policy or allow access by individual user on the AD & C tab.
4) As mentioned first, you need to configure your router/firewall to hand your internal DNS out to your VPN clients - or just use a host file - group policy is an easy way to do that.

And I think that just about covers it all.
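The `ipconfig /all` check described in the answer above can be scripted. The following is an added example, not part of the original thread: it parses Windows XP-format output and reports whether the tunnel adapter received an internal address and the internal DNS server. The adapter names, the 192.168.10.0/24 network and the 192.168.10.2 DNS server are constructed values.

```python
import ipaddress
import re

# Constructed Windows XP `ipconfig /all` output from a connected VPN client.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.33
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter Office VPN:

        IP Address. . . . . . . . . . . . : 192.168.10.201
        Default Gateway . . . . . . . . . : 192.168.10.201
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; unindented lines start an adapter."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current, last = adapters.setdefault(line.strip().rstrip(":"), {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = m.group(1)
            current[last] = [m.group(2)] if m.group(2) else []
        elif current is not None and last:
            current[last].append(line.strip())  # continuation, e.g. 2nd DNS server
    return adapters

def check_vpn_client(text, internal_net, internal_dns):
    """List problems with the addressing handed to the tunnel adapter."""
    net = ipaddress.ip_network(internal_net)
    for name, fields in parse_ipconfig(text).items():
        if any(ipaddress.ip_address(ip) in net for ip in fields.get("IP Address", [])):
            break  # this adapter holds the internal (tunnel) address
    else:
        return [f"no adapter holds an address inside {internal_net}"]
    dns = fields.get("DNS Servers", [])
    if internal_dns not in dns:
        return [f"{name}: DNS servers {dns} do not include {internal_dns}"]
    return []

if __name__ == "__main__":
    # 192.168.10.0/24 and 192.168.10.2 are assumed office values, not from the post.
    print(check_vpn_client(SAMPLE, "192.168.10.0/24", "192.168.10.2"))
```

An empty list means the tunnel adapter has an internal address and the internal DNS server; the sample output yields one finding because only outside DNS servers were handed out.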


Assisted Solution

maharlika earned 300 total points
ID: 16247966
Once the VPN client establishes a tunnel, and they can ping the network servers, they should be able to authenticate to the domain when they try to access a domain resource. So if they try to access their mapped network drive, it should ask for user name and pw. Format is to put domain\username, then pw. Don't forget to put the domain name followed by \ before the user name. Also, you may need to use the server IP address rather than NetBIOS name. Ex: Start->Run \\server01, replace with \\ (whatever is the server's IP address)

Author Comment

ID: 16248303
Hello micror!

Thanks for your speedy response. I seem to be having trouble getting the Zywall to forward the default gateway address

...or do I have to enter this manually in the client configuration?
   If this is the case, this would imply using a fixed IP address, as it cannot be changed otherwise in the TCP/IP properties

..same applies to DNS forwarding, or not?

Anyway, I'll be digging through the heaps of Zyxel manuals and info.



Author Comment

ID: 16248371
Hi Maharlika!

When connecting to server either by name or IP address, I get a "\\ not accessible. You might not have permission to ..bla bla bla,".

Any leads on this?



Expert Comment

ID: 16255253

What I mean is, if you are connecting to the outside interface of your firewall and it is set up as a VPN server (for want of a better description), you need to configure its DHCP capability to assign addresses, and therefore gateway and DNS addresses, to your remote clients.

