My experience has been the same. When you add CAG/AAC to an existing enterprise network, there are A LOT of "little things" to learn and overcome. It is actually kind of fun-( nerd alert!) Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85262 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders Sent: Wednesday, May 31, 2006 6:39 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Issue with AG 4.2.2 code Thanks for that tip Rick. I'm not much of a Linux person, but managed to work my way around theVPNAdmin Console okay. Ethereal showed that everything was okay. However, when I ran netmon on the Internal servers, they were showing traffic being received from a NAT'd address, rather than the real address of the AG. So the PIX firewall logs weren't showing any drops, it was just not working because I was unaware of the NAT. I've spent two days trying to get this AG working. One problem was my fault, the rest have been firewall issues, which we have no control over :( Having said that, the more you have to trace through these issues to diagnose what's going on, the more you learn. Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx "Rick Mack" e.com.au> To Sent by: thin-bounce@freel cc ists.org Subject [THIN] Re: Issue with AG 4.2.2 code 31/05/2006 06:47 AM Please respond to thin Hi Jeremy, Try using ethereal in the VPNAdmin console. That might give you a clue as to what's broken. It's actually not that hard to extend the diagnostic capability on the CAG. Once you know the config layout, you can either use a Knoppix CDROM to access the CAG file system directly for editting [not recommended], or edit the config pre-installation by using something like MagicISO, for customer specific branding and other mods. regards, Rick Ulrich Mack Volante Systems _____ From: thin-bounce@xxxxxxxxxxxxx on behalf of Jeremy Saunders Sent: Wed 31/05/2006 0:32 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Issue with AG 4.2.2 code No the same config. I'm using it without AAC, so the authentication is done from the AG to the Domain Controllers through the firewall. We've got TCP 389 open (amongst others), but are getting the unsuccessful bind errors. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx "Pavlo Ignatusha" <Pavlo.Ignatusha@ pemreghos.org> To Sent by: <thin@xxxxxxxxxxxxx> thin-bounce@freel cc ists.org Subject [THIN] Re: Issue with AG 4.2.2 code 30/05/2006 08:26 PM Please respond to thin We are running 4.2.2 with AAC and authenticate to AD. It seems to work fine (updated May 24). Thanks, Pavlo Ignatusha Systems Network Coordinator Pembroke Regional Hospital tel. +1 (613) 732-3675 ext.6150 fax. +1 (613) 732-9986 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders Sent: May 30, 2006 7:55 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Issue with AG 4.2.2 code Hi, I've just set up a new AG with the latest code and we are unable to use the LDAP Authentication. The logs give us an unsuccessful bind error, which we cannot explain, as an ldap authentication to their domain controllers is working fine from my laptop, etc, and there is nothing being blocked on the firewall between the AG and the domain controllers. Has anyone else found any issues with this release of code? Just the AG...no AAC involved here. Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ -- The information in this email belongs to the Pembroke Regional Hospital and may contain confidential and privileged information for the sole use of the individual or organization to which it is addressed. If you are not the intended recipient, you are hereby notified that any disclosure, copying or distribution of the contents of this email is prohibited. If you have received this email in error, please contact the sender and destroy all copies of the original message. ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ############################################################################ ######### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ############################################################################ ######### ############################################################################ ######### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ############################################################################ ######### (See attached file: winmail.dat)