Microsoft KB Archive/311966

= You Cannot Successfully Log On Through L2TP to a Domain That Is Behind a Cisco PIX Firewall =

Article ID: 311966

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q311966



SYMPTOMS
When you try to log on to a Windows 2000-based domain for connection through a virtual private network (VPN), you may not be able to gain access to resources on the domain without manually passing credentials.

The domain is behind a Cisco PIX firewall, and you are logging on from a computer that runs IRE/Safenet Layer 2 Tunneling Protocol (L2TP) client software.



CAUSE
This behavior can occur if the PIX firewall and the IRE/Safenet client are not passing User Datagram Protocol (UDP) Kerberos traffic.



RESOLUTION
To resolve this behavior, you must force Kerberos to use Transmission Control Protocol (TCP) rather than UDP.

For additional information about forcing Kerberos to use TCP, click the article number%2 below to view the article%2 in the Microsoft Knowledge Base:

244474 Forcing Kerberos to Use TCP Rather Than UDP in Windows 2000



MORE INFORMATION
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

For information about how to contact Cisco Systems, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and Software Third-Party Vendor Contact List, A-K

60781 Hardware and Software Third-Party Vendor Contact List, L-P

60782 Hardware and Software Third-Party Vendor Contact List, Q-Z

Keywords: kb3rdparty kbnetwork kbprb kbsecurity KB311966

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.