| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Windows Authentication over VPN
- To: <[email protected]>
- Subject: [FW1] Windows Authentication over VPN
- From: "Hal Dorsman" <[email protected]>
- Date: Wed, 1 Aug 2001 13:39:41 -0600
- Sender: [email protected]
- Thread-index: AcEawbVtHMapE75nR+iaBLBIh+8llg==
- Thread-topic: Windows Authentication over VPN
Greetings friends,
A few VPN/Secure Client questions
I am working with a user accessing our network from a Secure Client
build 4185
through our Solaris VPN-1 sp2. By forcing IKE and UDP encapsulation in
the
tools/encryption scheme settings, key exchange and authentication seems
to
work fine. After some futzing around with SDL and drive mappings we
seem to
be able to browse the network fine. The user is having problems
accessing
an IIS5 server using Integrated Windows Authentication (NTLM and
Kerberos).
I have seen many statements on the net that NTLM will not work with a
client
behind a NAT device (the Secure Client is behind a Linksys) because of
the
hash of the source IP that the IE browser uses to encrypt the user
password.
The user is considering this a VPN problem. I am concluding this is a
Windows
Auth/NAT problem. Has anyone accomplished this successfully?
Also, there are many discussions about IKE and forcing UDP. Many
discussions
say to make the changes to objects.C. Do the options in 'tools',
'encryption
scheme' in the latest build (4185) of the client obsolete the need to
make the
manual changes in objects.C?
Thanks,
Hal
Hal Dorsman
Data Network Engineer
Blackfoot Telephone Cooperative
[email protected]================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
