Welcome to ISAserver.org


Local domain auth breaks after L2TP

Local domain auth breaks after L2TP - 14.Sep.2006 9:37:37 PM   
sstone

 

Posts: 3
Joined: 14.Sep.2006
Status: offline
I'm establishing a user L2TP VPN connection between two corporate networks.  Passing through ISA 2004 (SecureNAT) in the outbound direction and terminating on ISA 2004 on the far end.  Everything works fine.  I can access all resources on the remote network.  However, after the VPN is established I have intermittent problems connecting to machines on my local domain (my system is in no way part of the domain I'm connecting to at the remote site).

The actual problem is that my PC starts trying to authenticate me to my local file servers with the credentials I supplied to establish the connection to the remote domain.  These of course are invalid on my local domain.  The behaviour I'm seeing is that after establishing the VPN connection and then trying to browse a UNC path on my network I get prompted to enter my credentials (this should never occur since my PC is logged in with the appropriate credentials for the network).  I provide the correct credentials and I'm authenticated, but "something" on my computer immediately tries to authenticate me with the wrong (foreign domain) credentials before I am able to access any resources.

This is obviously very frustrating as I have to log into a local terminal server to browse network files, print, etc. while connected to my VPN.  Interestingly my Outlook->Exchange connection is not affected.

I do not use the default gateway on the remote network.  I'm not aware of any overlaps in domain/server/user names.

Any ideas?
Post #: 1
RE: Local domain auth breaks after L2TP - 15.Sep.2006 2:21:38 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi S,

Is this a site to site VPN connection between two ISA 2006 firewalls?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to sstone)
Post #: 2
RE: Local domain auth breaks after L2TP - 15.Sep.2006 5:24:04 PM   
sstone

 

Posts: 3
Joined: 14.Sep.2006
Status: offline
No, this is a user VPN (from my PC) to a remote ISA 2004 server.

Also, as soon as I disconnect my VPN I can immediately access local LAN servers.

Here is the error I get on my local LAN file server while my VPN is connected.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date:  9/14/2006
Time:  3:23:37 PM
User:  NT AUTHORITY\SYSTEM
Computer: <LOCAL_LAN_FILE_SERVER>
Description:
Logon Failure:
 Reason:  Unknown user name or bad password
 User Name: foreignuser
 Domain:  FOREIGNDOMAIN
 Logon Type: 3
 Logon Process: NtLmSsp
 Authentication Package: NTLM
 Workstation Name: <MY PC NAME>
 Caller User Name: -
 Caller Domain: -
 Caller Logon ID: -
 Caller Process ID: -
 Transited Services: -
 Source Network Address: <MY LOCAL LAN IP>
 Source Port: 0

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

(in reply to tshinder)
Post #: 3
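
Added example, not part of the thread: one way to triage failures like the Event ID 529 record quoted in the post above. The Python below parses Security log records exported as text in that layout and lists network (type 3) NTLM logon failures that present a domain other than the file server's own, counted per workstation. The sample records are constructed; CORP, jdoe and the PC names are placeholders, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed records in the layout of the Event ID 529 entry quoted above;
# the PC names, the CORP domain and jdoe are placeholders.
TEMPLATE = """Event Type: Failure Audit
Event ID: 529
 User Name: {user}
 Domain:  {domain}
 Logon Type: 3
 Authentication Package: NTLM
 Workstation Name: {pc}
"""
SAMPLE_LOG = "\n".join(
    TEMPLATE.format(user=u, domain=d, pc=p)
    for u, d, p in [("foreignuser", "FOREIGNDOMAIN", "PC-01"),
                    ("jdoe", "CORP", "PC-02"),
                    ("foreignuser", "FOREIGNDOMAIN", "PC-01")])

FIELD = re.compile(r"^\s*([A-Za-z /]+?):[ \t]*(.*?)\s*$")

def parse_events(text):
    """Split a text export into one {field: value} dict per event."""
    events, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Event Type" and current:  # a new record starts here
            events.append(current)
            current = {}
        current[key] = value
    return events + ([current] if current else [])

def foreign_domain_failures(events, local_domains):
    """Type 3 (network) NTLM failures that present a non-local domain."""
    local = {d.upper() for d in local_domains}
    return [e for e in events
            if e.get("Event ID") == "529"
            and e.get("Logon Type") == "3"
            and e.get("Authentication Package") == "NTLM"
            and e.get("Domain", "").upper() not in local]

def summarize(hits):
    """Count hits per (workstation, domain, user) to find the noisy client."""
    return Counter((e.get("Workstation Name"), e.get("Domain"),
                    e.get("User Name")) for e in hits)
```

Calling `summarize(foreign_domain_failures(parse_events(SAMPLE_LOG), ["CORP"]))` reports PC-01 twice and leaves out the ordinary bad-password failure from PC-02, which presented the local domain.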
RE: Local domain auth breaks after L2TP - 20.Sep.2006 1:13:16 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Oh! OK, I understand. Yes, that's how it works. What made you think otherwise?

Thanks!
Tom


(in reply to sstone)
Post #: 4
RE: Local domain auth breaks after L2TP - 27.Sep.2006 8:50:44 PM   
sstone

 

Posts: 3
Joined: 14.Sep.2006
Status: offline
Well... this only happens about 66% of the time, not necessarily every time.  I'm expecting that I should be able to establish a VPN (from my PC) to a remote network and be able to access resources on both networks concurrently.  Other than verifying addressing and routing on my PC I would not expect there to be any changes necessary to continue to access my local network's file shares while the VPN is established.

I assume I have a misconfiguration somewhere, but cannot pinpoint it.

(in reply to tshinder)
Post #: 5
