SonicFirewall, VPN and DNS

Hello! I just got VPN working on my company's SonicFirewall PRO 2040 Standard and it is doing great. The user runs the SonicWall Global VPN Client and connects to the firewall. Then they can remote desktop to their office computer. Here is the snag: they must remote desktop to their office computer's static IP address because the setup won't resolve any computer names. No one can map network drives over VPN either. This is my first time messing with a firewall and, with the exception of this one bug, I believe I have done a good job setting this thing up. Can anyone suggest a possible solution?

Here is a brief description of how things are set up if it helps: Our firewall is at the internal IP address of 192.168.0.1. The DNS server is a computer called DNS1 at 192.168.0.2 and it handles our local DNS needs while forwarding to our internet provider for our internet DNS needs. Our DHCP server is a machine named Server1 at 192.168.0.3.

I have one VPN Policy named GroupVPN with no gateway, no destinations, and a Crypto Suite of ESP 3DES HMAC SHA1 (IKE). I basically just used the defaults where possible.

So what do you think?

Thanks! Matthew Hanna

Reply to
irtheman

Your local subnet is the same as most home users' subnets and sooner or later this will cause you problems. I would suggest, next time you change things, that you change your local company subnet to 192.168.8.0/24 or something not using 192.168.0.0/24 and not using 192.168.1.0/24 and not using 10.0.0.0/24 either.

We normally create different VPN groups, so that we can limit users to specific ports/IP's in the company:

GRP_IT_SUPPORT all ports/all IP

GRP_ACCOUNTING Remote Desktop (3389) only to the Accounting IP's.

GRP_.... and you get the idea.

Reply to
Leythos
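
The subnet clash described in the reply above, as an added example that is not part of the original thread. It uses the office addresses from the first post and the three subnets the reply says to avoid; the function names are hypothetical, and it assumes the client's directly connected route takes precedence over the tunnel.

```python
import ipaddress

# Subnets the reply above says to avoid for the office LAN.
COMMON_HOME_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]

# Office hosts as described in the first post of the thread.
OFFICE_HOSTS = {
    "firewall": "192.168.0.1",
    "DNS1": "192.168.0.2",
    "Server1": "192.168.0.3",
}


def shadowed_hosts(client_lan, office_hosts=OFFICE_HOSTS):
    """Return office hosts whose addresses fall inside the client's own LAN.

    Assumption: the client treats its own subnet as directly connected, so
    packets for these addresses go to the local network, not into the tunnel.
    """
    lan = ipaddress.ip_network(client_lan, strict=False)
    return {name: ip for name, ip in office_hosts.items()
            if ipaddress.ip_address(ip) in lan}


def conflicts(office_subnet, client_lans=COMMON_HOME_SUBNETS):
    """Return the client LANs that overlap a candidate office subnet."""
    office = ipaddress.ip_network(office_subnet, strict=False)
    return [lan for lan in client_lans
            if office.overlaps(ipaddress.ip_network(lan, strict=False))]


if __name__ == "__main__":
    # A remote user whose home router hands out 192.168.0.x (constructed case).
    print("Unreachable via VPN from 192.168.0.57/24:",
          shadowed_hosts("192.168.0.57/24"))
    # Compare the current office subnet with the one suggested in the reply.
    for candidate in ("192.168.0.0/24", "192.168.8.0/24"):
        print(candidate, "conflicts with:", conflicts(candidate) or "none")
```
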

I will make a note of your suggestion concerning our local subnet so I, or someone else who has the opportunity, can make the adjustment. Thanks! Altogether however, you are suggesting that the home network might be trying to resolve the computer name instead of the company dns? Maybe, but would that also explain why traveling employees who use dialup and no other network connection can't use the office computer names?

Thanks! Matthew Hanna

Reply to
irtheman

[fixed improper quoting]

Many things happen when both sides have the same subnet. What you have to see on your firewall/rules is if you permit DNS through the VPN connection.

Reply to
Leythos

Make sure you have "Enable Windows Networking (NetBIOS) Broadcast" checked in your VPN connection advanced settings for the connection and make sure that in the general VPN advanced settings "Disable all VPN Windows Networking (NetBIOS) Broadcasts" is not checked.

Reply to
Cliff

Thanks! I am going to give this a try from home tonight and see how it works.

Matthew Hanna

Reply to
irtheman

Add the DNS information into the local PC's lmhost file. I have had the same issue at this end when connecting to servers and this sorted it out.


Reply to
Phil
