Sorry for the somewhat OT, but I'm starting to feel somewhat (very?) stupid, and people on this list should have the correct knowledge I suppose. Any pointer in the right direction (the right manual) would be very nice, I'm going blind searching cisco's web site ecc... either I'm missing some manual I should have and is so obvious nobody does mention it or what. Suppose a Pix and a cisco secure vpn client configured in order to access a internal network through internet/vpn. No problem with that, does work. Now suppose a homeworker with a (company provided, configurable as we like computer) which has to be able to work locally without any login, access internal resources (pure tcp, do work) and to access a NT (NT4, not W2k) domain on the internal network. BTW the internal network does provide working wins and dns. If the client would have been w95 like the first test bed (grabbed the first old laptop I had around) there would have been no problem - configure local access on the laptop, the user does login with it's username and password and can work normally. When he need to connect to the internal network dial-up networking does connect to the internet, "log on to network" tries to connect to the configured wins servers (on the internal network) in order to learn about the location of domain controllers, the connection to internal ip addresses does kick the vpn client, vpn tunnel comes up, connect to wins, connect to DC, logon to network, run login script, everything seems ok. No consider the same attempt with a NT workstation client. Scenario A: the user does login (to the workstation) with a local user, does work locally, then does logoff, ticks the "connect with ras" checkbox, does login with internaldomain\user, vpn tunnel comes up and everything works. However he needs to logon/logoff. Scenario B: the user does login (to the workstation) with internaldomain\user without "connect with ras", which does work due to a cached profile I suppose (this could timeout however ?); work locally ecc, when needed start ras and connect. Network browsing, connections to servers ecc do all work, however I still think the normal logon process has not be done (at least login scripts have not be run). What is the correct way to configure these kind of things ? Thanks Heiko -- -- PREVINET S.p.A. [EMAIL PROTECTED] -- Via Ferretto, 1 ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
