mchad65 asked:
One user can not access network resources L2L PIX to 3000

I have a small remote office where 4 employees work using a L2L VPN from their local pix 506E to our VPN 3000 at our main office.  3 of the users have no problem accessing network resources, but one can not.  The only difference that I can see is that the three who can, are members of a workgroup, and the user who can't, was joined to our domain when in our office...  He can ping the inside ip addresses of the servers he is trying to access, but can not get to resources.  

I don't know where else to look?
Yves Accad:

Can he access \\ipaddress\share?
mchad65 (asker):

Well, that is where it gets stranger.  If he tries to map bp ip, he is prompted for a password (even though he is logged in as a domain user), and when he enters it in the format domain\username he gets an error like "the username entered is the same username that the computer is logged in as" (or something very similar) and is denied.  However, if a different username is used, it grants access to the resource...
mchad65 (asker):

I meant "map BY ip" not "map bp ip"...
Yves Accad:

It sounds like a DNS issue.

can he access \\machinename.domainname\share?
If the above works have him go to the properties of his nic > advanced > DNS Tab. Does he have the domain value under: Append these DNS suffixes?
mchad65 (asker):

But if it is DNS only, why is he a) being prompted for a username and password, and b) getting the error that the username is the same as the login name?

Note:  when he connects via cisco VPN client from home, everything works as it should...
mchad65 (asker):

I will have to have him check the above on Monday.  It's 6pm there now and I'm sure he's in a pub. (where I should be)
Yves Accad:

Hehe, cheers!

I would make sure of one other thing: that his machine points to the DC for DNS. When a machine is part of a domain and you're dealing with Active Directory, if the client machine is not using the domain controller for its DNS, even if it can resolve names through another DNS server, you will have that type of issue.
mchad65 (asker):

The DHCPD DNS command assigns his local ISP dns as primary, and our internal DNS as secondary (the same as all the other users that work ok)
mchad65 (asker):

Also, he has a hosts file with the IP and server names as well...

Yves Accad:

That might be the problem; remember, your other users are not part of the domain according to your initial question.
>The DHCPD DNS command assigns his local ISP dns as primary, and our internal DNS as secondary (the same as all the other users that work ok)
>Also, he has a hosts file with the IP and server names as well...
Looking at the above two statements:
- The hosts file takes precedence, so basically anything in the hosts file will be used before DNS.
- The primary DNS will be used next, which is your ISP's; your internal DNS will probably never be used, because as secondary the only way it would be used is if your primary DNS ceased to respond.

I would suggest using your internal DC DNS as the primary DNS and enabling forwarders on the internal DNS server to your public DNS at HQ. This way any zone not found in your internal DNS would be forwarded, so the user could still connect to domain names not found on your internal DNS.
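As an added illustration of the change suggested in this reply (not configuration from the original thread or from either participant), here is the PIX 506E DHCP scope for the remote office in the state the asker describes, followed by the corrected version. Every address, range and domain name is an assumed placeholder; the PIX OS 6.x `dhcpd` command names are real. The `dhcpd domain` line is what sets the DNS suffix that the earlier reply asks the user to check on the NIC.

```cisco
! Added example, not from the original thread. Placeholders:
!   203.0.113.53    remote office ISP resolver (assumed)
!   10.1.1.10       DC/DNS server at HQ, reached through the L2L tunnel (assumed)
!   example.local   AD domain name (assumed)
!
! --- Before: ISP resolver first, HQ DNS only as a fallback -------------
! The Windows resolver only moves to the second server when the first one
! fails to answer. The ISP answers (with NXDOMAIN) for example.local names,
! so the domain-joined PC never reaches the DC and never finds the AD
! SRV records it needs for Kerberos/Netlogon.
dhcpd address 192.168.10.10-192.168.10.50 inside
dhcpd dns 203.0.113.53 10.1.1.10
dhcpd lease 3600
dhcpd enable inside
!
! --- After: HQ DC DNS first, suffix pushed to the clients ---------------
! Clear the old server list, then hand out the DC as the only resolver;
! the DC forwards anything outside its zones to the public resolver.
no dhcpd dns
dhcpd dns 10.1.1.10
dhcpd domain example.local
! Force the workstations to pick up the new scope options.
clear dhcpd binding
```

On the HQ DNS server (Windows 2000/2003) the forwarder from the reply can be set with `dnscmd . /ResetForwarders 203.0.113.53`, and the fix can be verified from the affected PC with `ipconfig /all` (the DNS server list and connection-specific suffix should now show 10.1.1.10 and example.local) and `nslookup -type=SRV _ldap._tcp.dc._msdcs.example.local`, which must return the DC. Note that the hosts file entries the asker mentions only map A records; they cannot supply SRV records, which is why the hosts file alone does not get a domain member working.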

mchad65 (asker):

But if the host file takes priority, why does it still fail, as the servers in question are in the host file?
ASKER CERTIFIED SOLUTION
Yves Accad