Windows 2000 + PIX + AD - changing passwords?

I have a unique problem in that there's nothing in Usenet about it I
can locate.

I have a PIX 515 with 6.3(4) FW. I've an Active Directory based
network on the inside. It is the single firewall on my network and the
gateway for all clients.

The PIX is set up for PPTP VPN, authenticating all AD users with dial-in
permissions enabled using RADIUS and then dropping them inside the VPN
to work internally.

All current AD accounts and passwords are able to authenticate on the
VPN and route to workstations inside the network fine; however, if the
user changes their AD password, they can still authenticate properly
on the PPTP VPN, but they can't get any packets into the network. It seems
they're being redirected or dropped somewhere.

With login before or after password change, the routing tables on the
VPN client are the same (no change). All routing tables given are
correct in both cases, so packets should be getting through in both
situations. It is almost as if passwords or routes are being cached
somewhere and the missing/dropped packet problem persists between
reloads and reboots of the domain controller and the PIX.

I've done everything shy of setting up Ethereal in a few places to track
packets. I set up console debugging on the PIX and notice that packets
with the original password show up in the PIX console, but when the AD
password is changed and the user logs on with the new password, I
don't seem to see the packets in the console.

I'm stumped. Has anyone EVER seen anything like this before? It makes
no sense to me. Is it possible that Routing and Remote Access or
something else could be causing this problem? With all routes intact,
the client knows where to send the packets to, they are apparently just
being dumped or something.

Any help greatly appreciated.
