Hi,
This is a long winded storey I will try to abreviate!
Basically we have a local network with an ASG120, and a remote network with a RED. Both networks have standard ADSL connections (the remote is only 512K though).
We want the RED to simply bridge the two networks together, so the fact that the remote is is remote is transparent to the users (other than the obvious speed).
We configured the RED in bridged mode successfuly and do have a network connection between the two sites however the PCs are the remote sites are having all sorts of issues with authentication with the servers at the primary site. It might take a few minutes for a network share to open, but only after a authentication login occurs (which it shouldn't), after which it is acceptable to browse.
The PCs log this in the event log:
Event ID: 40960: The Security System detected an attempted downgrade attack for server DNS/fgcserver.domainname.local. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
Event ID: 40961: The Security System detected an attempted downgrade attack for server DNS/fgcserver.domainname.local. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
We are seeing lots of unusual depafult drop DNS packets in the live log.
We have filters to ALLOW filters enabled in attempts to just allow the traffic to flow between the sites (some rules are taken from this forum):
Internal network [ANY] Internet
Any [DHCP] Any
Trusted_INT [Any] Trusted_INT
Internal Netowork [Any] Internal Network
Internet Network [DNS] Internal Network
What else can we do?
Any ideas, or any more info you would like?
Thanks in advance
Guy
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
