I've been working with Checkpoint VPN-1 SecuRemote NGX R60 HFA2 (Build 044).
This article describes how to join a domain remotely and how to log into your domain from the same remote machine. The processes are different. I have been able to successfully join a domain, but then I was not able to log into the domain and use its resources. If you follow these steps, you'll be able to do both successfully.
References
You'll want to read this Microsoft support article:
How to write an Lmhosts file for domain validation and other name resolution issues
This article from TechRepublic is helpful, but not entirely necessary:
Join a domain during Windows logon using a VPN client
This Microsoft support article applies to Windows 2000, but is helpful:
Domain Browsing with TCP/IP and LMHOSTS Files
Information and files you will need before you start:
- The DNS servers for your company domain
- The name of the domain controller for your company domain
- The IP address of your company domain controller
- The IP address of the Checkpoint VPN appliance
- The Checkpoint gateway of the network you are logging on to (may not be required)
- Your domain logon and password MUST be the same as the Checkpoint logon and password
- Before you leave work, collect the DNS servers for your work network. Execute the command ipconfig /all and copy the DNS server IP addresses.
- Install the Checkpoint client on your home computer according to your network administrator's documentation (you will need to reboot.)
- Set up your network logon according to your company network administrator documentation after you've rebooted.
- You will need to change the DNS servers for your home network. It is important that the DNS server for your work domain is the first DNS server on your home computer.
- Make sure your second DNS server is the primary DNS server for your home internet provider.
- Create your lmhosts file, setting the IP address of your company's domain controller.
- Add the domain DNS to your local DNS names using properties of the TCP/IP driver
- Execute the command nbtstat -R to reload the cache
- Connect to the Checkpoint appliance and logon per your company documentation.
- Join your computer to the domain, assuming you have admin privileges on the company network. If you are using a company laptop, skip this step.
- Modify your Checkpoint client configuration to use SDL (Secure Domain Logon)
- You can delete the lmhosts file at this point, as long as your domain DNS server is the first server in your home computer's DNS list.
- Log on. You should see the Checkpoint SDL logon dialog.
- Get ready for a flurry of Checkpoint logon dialogs.
- If you have a home domain, the home domain will have to trust the work domain and vice versa. Good luck with getting that set up. Be sure to send a picture of your network admin when you tell him what you are trying to do.
- You will probably not be able to view computers on your home network. I tried all sorts of experiments and network settings. Nothing worked for me.
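
For the lmhosts step above, the usual pair of entries for locating a domain controller can be generated and checked as follows. This is an added example, not part of the original article; the controller name DC01, the domain CORP, the address 192.0.2.10 and the function names are constructed placeholders.

```python
# Added example: build and check LMHOSTS entries for a domain controller.
# All names and addresses are constructed placeholders, not from the article.
SUFFIX = r"\0x1b"  # escape for the 16th name byte <1B> (domain master browser)

def lmhosts_entries(dc_name, domain, dc_ip):
    """Return the two LMHOSTS lines a remote client uses to find the DC."""
    for label, value in (("DC name", dc_name), ("domain", domain)):
        if not 1 <= len(value) <= 15:
            raise ValueError(label + " must be 1-15 characters (NetBIOS limit)")
    octets = dc_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("dc_ip must be a dotted-quad IPv4 address")
    dc_name, domain = dc_name.upper(), domain.upper()  # NetBIOS names are upper case
    # Entry 1: preload the DC's name and mark it as a controller for the domain.
    dc_line = "%s\t%s\t#PRE\t#DOM:%s" % (dc_ip, dc_name, domain)
    # Entry 2: the domain<1B> name. The quoted text must be exactly 20
    # characters: the domain padded with spaces to 15, then the 5-character \0x1b.
    pdc_line = '%s\t"%s"\t#PRE' % (dc_ip, domain.ljust(15) + SUFFIX)
    return [dc_line, pdc_line]

def bad_quoted_names(lines):
    """Return the lines whose quoted special name is not exactly 20 characters."""
    bad = []
    for line in lines:
        if line.count('"') != 2:
            continue  # ordinary entry or comment: nothing to measure
        if len(line.split('"')[1]) != 20:
            bad.append(line)
    return bad

if __name__ == "__main__":
    entries = lmhosts_entries("dc01", "corp", "192.0.2.10")
    print("\n".join(entries))
    # A hand-typed entry with a single space of padding is caught here.
    print(bad_quoted_names(entries + ['192.0.2.10\t"CORP \\0x1b"\t#PRE']))
```

Save the generated lines as %SystemRoot%\System32\drivers\etc\lmhosts (no file extension) before running nbtstat -R; nbtstat -c then lists the preloaded names.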