Domain login over 5XT to 5XT VPN

[SH3]

Hi eveyone,
I have been reading and studying and have taken the INSG course. Exam on 7/8/2003. My head is full and I am trying to bring all this together.

I have a 5XT at site A and a 5XT at site B. Both running OS 4.x

I have established a policy based VPN that works fine for running remote control programs.

Site A has a Windows 2000 domain controller.
Site B has two computers.

I want the computers at Site B to be prompted to login to the domain at Site A. Eventually I want to run Outlook XP at Site B while accessing the Exchange server at site A.

I have pondered many things. IP addressing, DNS and HOST tables. Can anyone bring all this together for me so we can create a solution?

Thank you,
Steve

 

[penauroth]

I am not sure if this is a VPN issue or exchange server issue but...

Considering that site B computers are already connected to the domain. When the user logs into their workstation their should not be any reason to log in a second time. Their domain credentials should suffice for the exchange server. However, I am sure exchange server can be configured to force authentication.

I have a NS5XT (Domain) and NS5XP(workgroup) VPN. The users in the workgroup, same workgroup name as the domain, do not require an additional login if they synchronize their computer and domain passwords when using resources at the domain site.

 

[SH3]

The workstaions at site B are not connected to Site A. That is what I am trying to do. I only have the Netscreens at site A and B talking by VPN.

My challenge is the same as posted by Dana (dmandell). I just need the beginner to do list to complete this, as well as the beginner do-not-do list. I am hoping someone can be a mentor during this setup.

Thanks,
Steve

 

[penauroth]

What I have done is:

Setup AutoKey IKE with preshares. You can download the PDF file at

http://www.netscreen.com/services/support/product/downloads/screen_os/ce_v4.pdf.

Look under Policy-Based VPN or Route-Based VPN for LAN to LAN VPN AutoKey IKE.

In addition, I would configure DNS and WINS addresses under Interfaces > Trust > DHCP > DHCP Server > DNS#1 and WINS#1 for Site B. You may specify more DNS, WINS, SMTP and POP servers by selecting the Advanced Options. Lastly, I did a little traffic shaping in the Outgoing and Incoming policies so as to give external users better performance while not sacrificing bandwidth for internal use.

That is pretty much it. If you need further help you can go to

http://www.netscreen.com/support

or, my favorite,

http://www.netscreenforum.com.

Cheers,

Paul

 

[SH3]

Hi Paul,

I was able to get the VPN going and the workstation to login over the VPN. Just what I was looking for! I am now working on slow performance which appears to be from an old 100 Hub. (yep hub) I have ordered a 10/100 Switch.

Thank you. I will look into defining the DNS and WINS. Policy shaping also sounds like a good idea.

Thanks for the forum web site address. I passed the exam! I think I have gone from feet wet too ankles wet.

Take care,
Steve

 

[penauroth]

Good job, Steve! Glad to here you passed your exams. That forum site I gave you have members that are very knowledgeable in Netscreen products, networking, VPN and IDS.

Yeah, you got to get rid of that hub. I use our old hubs on clustered printers.

Anyway, good luck and see you around.

P