[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Windows Authentication over VPN
Greetings friends, A few VPN/Secure Client questions I am working with a user accessing our network from a Secure Client build 4185 through our Solaris VPN-1 sp2. By forcing IKE and UDP encapsulation in the tools/encryption scheme settings, key exchange and authentication seems to work fine. After some futzing around with SDL and drive mappings we seem to be able to browse the network fine. The user is having problems accessing an IIS5 server using Integrated Windows Authentication (NTLM and Kerberos). I have seen many statements on the net that NTLM will not work with a client behind a NAT device (the Secure Client is behind a Linksys) because of the hash of the source IP that the IE browser uses to encrypt the user password. The user is considering this a VPN problem. I am concluding this is a Windows Auth/NAT problem. Has anyone accomplished this successfully? Also, there are many discussions about IKE and forcing UDP. Many discussions say to make the changes to objects.C. Do the options in 'tools', 'encryption scheme' in the latest build (4185) of the client obsolete the need to make the manual changes in objects.C? Thanks, Hal Hal Dorsman Data Network Engineer Blackfoot Telephone Cooperative [email protected]================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|