|    comp.dcom.vpn    |    VPN protocols, clients, awesomeness    |    2,348 messages    |
|    Message 1,480 of 2,348    |
|    Absolut Newbie to All    |
|    access win domain w/ cisco 800 easy vpn    |
|    10 Feb 05 14:15:01    |
From: dotted_i@vitaemail.com

I have a Cisco 800 router w/ easy vpn. It is set up to allow IP access from
outside to inside the network using IP address only.

However, now I need to have my users

1) authenticate via the Windows Domain controller (PDC) on connection.
2) once authenticated, they need to be identified by the network as
   Domain\User and not have to reenter the username and password when accessing
   network shares
3) users need to be able to access computers via their netbios name, i.e.
   "ping foobar"

Is this doable? Where can I find info on how to do this? Attached is my config
file. Am I maybe blocking something w/ my firewall? Would I need to change a
lot to get it working? Also, do I have to assign my VPN users an address
from another subnet? Can't I give them an address from my office subnet?

thanx!

adam#sh running-config
Building configuration...

Current configuration : 5339 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname foo
!
no logging buffered
no logging console
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXX
!
username CRWS_Giri privilege 15 password 7 XXXXXXXXXXXXXXXXXXXXXXX
username XXXXX password 7 XXXXXXXXXXXXXXXXX
username sdm privilege 15 password 7 XXXXXXXXXXXXXX
aaa new-model
!
!
aaa authentication password-prompt "Enter your password now:"
aaa authentication username-prompt "Enter your name here:"
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network grouplist local
aaa session-id common
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.129 10.10.10.254
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 lease infinite
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw icmp
ip audit notify log
ip audit po max-events 100
ip ssh break-string foo
no ftp-server write-enable
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
!
crypto isakmp policy 4
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp client configuration group vpn_group
 key XXXXXXX
 domain local
 pool vpnclients
 acl 129
!
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map vpnusers 1
 description Client to Site VPN Users
 set transform-set tr-des-md5 tr-des-sha tr-3des-sha
!
!
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 99 ipsec-isakmp dynamic vpnusers
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 dsl power-cutback 1
!
interface Dialer0
 no ip address
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname XXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXX password 7 XXXXXXXXXXXXX
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map cm-cryptomap
 hold-queue 224 in
!
ip local pool vpnclients 192.168.10.1 192.168.10.254
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
no ip http secure-server
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 permit ip 192.168.2.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit udp any any eq non500-isakmp
access-list 129 permit ip 10.10.10.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 150 deny ip 10.10.10.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 150 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nonat permit 10
 match ip address 150
!
banner motd ^CWelcome To The Machine.^C
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2)