Are you using overload and port address translation with the working config? I undertsnad the issue to be with the VPNs ability to utilize layer-4 translations. I think the VPN will succeed with a singular address-based translation. Curtis Jim Bond <[EMAIL PROTECTED]> wrote: Hello, Let me re-describe the situation: Central office 7100 router, site office PIX (NAT overload 1 public ip address), IPSec tunnel is establised, clients at site office can't logon NT domain but can do everthing else. Today, I replaced the PIX with a 3620 router (same IPSec setup), everything works fine. Clients can logon NT domain. I think that proves 1)I don't have naming issue 2) PAT works with IPSec. I don't understand why PIX wouldn't work. Please see my PIX config. Thanks in advance. Jim PIX Version 5.2(3) access-list 100 permit ip host 24.176.210.204 167.191.0.0 255.255.0.0 ip address outside 24.176.210.204 255.255.255.0 ip address inside 10.1.1.1 255.255.255.0 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 24.176.210.1 1 sysopt connection permit-ipsec crypto ipsec transform-set IPSEC esp-des esp-md5-hmac crypto map newmap 10 ipsec-isakmp crypto map newmap 10 match address 100 crypto map newmap 10 set peer 169.193.13.2 crypto map newmap 10 set transform-set IPSEC crypto map newmap interface outside isakmp enable outside isakmp key ******** address 169.193.13.2 netmask 255.255.255.255 isakmp identity hostname isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 86400 dhcpd address 10.1.1.101-10.1.1.110 inside dhcpd dns 24.1.64.33 24.1.64.34 dhcpd wins 169.193.28.60 169.193.148.25 dhcpd lease 3600 dhcpd domain dhcp.lamrc.com dhcpd enable inside __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _______________________________________________________ To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
