Question : Running Logon Scripts through a VPN Concentrator

Hi,
   I've been reading a little bit on this board and on Cisco about how to run Windows Logon Scripts through our VPN Concentrators but still am not sure how to actually implement it. The scenario we want is for our remote users who come in through the concentrator to be able to get their network drive mappings which are located on Windows 2003 servers via the DC logon scripts.

I saw that you need to go into options of the VPN Client to check "Enalbe start before logon" but what else needs to be done? Do I need to enable anything on Concentrator? I assume that the Firewall also needs to be configured to allow the DC's and the 2003 file servers through as well. Anyone know which ports would have to be configured for them on the Firewall.

We have a Pix Firewall behind our Cisco VPN Concentrator. So people are connecting to the VPN Concentrator first.

Thanks

Answer : Running Logon Scripts through a VPN Concentrator

If you are using hardware VPN on BOTH ENDS of the tunnel, then you need to think of the user as just on the end of a veeeeerrrry lonog CAT5 cable.  It is no different.  The VPN concentrator handles the tunnels.  The users log into the 2003 server just like they are on a long ethernet cable, login is no different, and the scripts to run on the windows server are no different.

Now if the 2003 server does the VPN, everything is a lot more complicated, because it must FIRST VPN and then authenticate, so the procedure is different.  If your clients are logging in to the VPN concentrator to get the VPN via a "Cisco client" software package, THAT package does the VPN connect.  So even in that case, the LOGIN to the 2003 server is no diffferent than a full hardware VPN -- just a long cable.

Does that answer it?