rvo42 gateway to gateway VPN pppoe DSL windows domain logon

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by drs_it, Jul 10, 2006.

  1. drs_it

    drs_it LI Guru Member

    I currently have two RV042 routers, both are connected to the ethernet via PPPOE DSL, a VPN tunnel created between both, just using basic PHASE 1 (group 1 des md5), no phase 2 or Perfect Forward Privacy enabled.

    One site "A" is a windows xp client, site "B" is where the domain server is located, SBS 2003 running Exchange. We want the client in Site A to join the domain to be able to logon and attach to shares, as well site B is where the Exchange server is located. and although the clinet has site B's DNS, and WINS , we can ping OK can NBTSTAT server in site B, but get error when trying to join the client computer to the DOMAIN. I have tested a VPN from another site, where the connection is an ADSL same router, Iwas able to joint the domain after setting the MTU to 1428. So I applied the same to the site A, but still no go. We are at the point of looking at alternatives, including a wireless site to site, or converting the site B to an ADSL connection, but cost $$$$. Anyone have success with Windows Domain, VPN on a PPPOE DSL at both ends?
  2. Toxic

    Toxic Administrator Staff Member

    Have a look at the setup configurations at


    did you set the tunnel configs with domain name authentifications?

    I would at a guess think the Local Group Setup needs to have one of these options

    IP + Domain Name(FQDN) Authentication,
    IP + E-mail Addr.(USER FQDN) Authentication,
    Dynamic IP + Domain Name(FQDN) Authentication,
    Dynamic IP + E-mail Addr.(USER FQDN) Authentication.

    The type of Local Security Gateway should match with the Remote Security Gateway Type of VPN devices in the other end of tunnel.
  3. TazUk

    TazUk Network Guru Member

    So both RV's have there MTU set to 1428?

    Does the PC have a firewall installed?
  4. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Yes have quite a few setup mostly on PPPoE DSL.

    Try joining with full dns suffix?
  5. OpticalMan

    OpticalMan LI Guru Member

    Some other things to try:

    - Check XP firewall settings.
    - Make sure to allow "NetBIOS broadcast" in advanced settings on router.
    - Also, in general, Linksys recommends 1420 MTU if using DSL and VPN. (1428 for cable)
  6. drs_it

    drs_it LI Guru Member

    good stuff

    I am not at the remote site, it is a 2 hour drive to a quarry, and the person there barely knows how to use a microwave, so I have to struggle with getting things going. The XP firewall may be on, but I have not been successfull in getting the person to turn on he remote assistance ,desktop , I can get to the PC remotley, but can't logon till she authorizes it. Will try today to talk her throught it, but not easy as the PC is used to weight the trucks, so have to wait for a rainy day, like today when the trucks are not moving. I am not sure about the IP + FQDN, I believe it is not required for a gateway to gateway? Never had to setup a unit like that, I have 20 in use now,this would be the first, but this site has been the most aggrevating right from the beginning. I have changed the MTU to 1420, on both sites, A and B and will try to get a look at the XP computer myself using the remote desktop. I am also getting a responsible person to get to the site, and install a laptop I setup so I can use that from here to test. I will update my progress.
  7. marshal

    marshal Network Guru Member

    Also.. dont forget one thing.. If you want to have a pc, on a remote location (a) to join the domain on the primary site (b), the pc on site A must be using the dns server for the site b.

    You need that because all the domain "entry" (for netlogon, Active directory..) is located in the DNS of the domain controller.
  8. drs_it

    drs_it LI Guru Member

    DNS, yes not the problem

    DNS, yes the remote is using the DNS on the host site or domain site, as well as the WINS. I have many VPN connections, various equipment from the High end CRYPTEK, to Sonicwall, as well as Linksys, but this particular site, where both ends are DSL PPPoe, both have identical Linksys rv042, I can do all the basic network checks, ping netbios name ,including nbtstat -a etc, but when trying to add the computer at the remote site to the domain, it fails, as I stated I did a test from a client on an ADSL connection (different then PPPoe DSL) to the site where the domain is (PPPoe DSL) and was able to join the domain with no problem, but only after changing the MTU on the remote site Linksys to 1428, It seems to be still an MTU issue, as MTU is outgoing so I am still trying various settings. I can connect to the host or domain site B using Windows remote desktop, just waiting for a person to get to site A, the remote site to enable remote connections on the Xp computer.
  9. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Second asking of "When you joined...did you do the full DNS suffix? When joining a domain with a virgin workstation across a VPN..I still use this. Once joined you're OK.

    TCP properties, Advanced, DNS tab, put a check in the bottom checkbox for "Use this connections DNS suffix"...and then type in the full DNS suffix in the blank space above. You can remove that once you've joined and built your profile.

    Most of my clients I'll build/deploy workstations at their main office..but in the couple of times I've done a virgin workstation install from a remote site...I do this.
    Regardless of what VPN hardware there is.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice