Article ID: 311966
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q311966
SYMPTOMS
When you try to log on to a Windows 2000-based domain for connection through a virtual private network (VPN), you may not be able to gain access to resources on the domain without manually passing credentials.
The domain is behind a Cisco PIX firewall, and you are logging on from a computer that runs IRE/Safenet Layer 2 Tunneling Protocol (L2TP) client software.
CAUSE
This behavior can occur if the PIX firewall and the IRE/Safenet client are not passing User Datagram Protocol (UDP) Kerberos traffic.
RESOLUTION
To resolve this behavior, you must force Kerberos to use Transmission Control Protocol (TCP) rather than UDP.
For additional information about forcing Kerberos to use TCP, click the article number%2 below to view the article%2 in the Microsoft Knowledge Base:
244474 Forcing Kerberos to Use TCP Rather Than UDP in Windows 2000
MORE INFORMATION
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
For information about how to contact Cisco Systems, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:
Keywords: kb3rdparty kbnetwork kbprb kbsecurity KB311966