SonicWALL VPN Problems
Posted on 2004-08-10
We run a SonicWALL PRO-330 with firmware version 6.6. I am currently attempting to get the vpn operational (we've paid for the vpn component and it is a registered product service on the SonicWALL website), the Global VPN client has been downloaded and installed on a notebook I am using for the testing. ALL tests thus far have been performed with the notebook connected to a small 3Com switch on the DMZ using one of our legal public IPs for the hard connection...
The firewall VPN settings areas follows:
In "Global VPN Settings" - VPN is enabled; Disable all VPN Windows Networking (NetBIOS) broadcast is NOT selected; Require authentication of VPN clients via XAUTH IS selected; In VPN "Advanced Settings" - Enable Windows Networking (NetBIOS) broadcast IS selected; VPN Terminated at LAN IS selected; Client is allowed traffic to any destination IS selected...
At this point, DHCP is NOT enabled on the firewall - and the firewall is NOT providing pass through for the client to get an IP from a DHCP server on the LAN...... (more on this later)......
There is a test user with password set up on the firewall, and the connection is configured to use a shared secret.
I can make a connection to the WAN IP of the firewall, and can ping IP addresses and FQDNs on the LAN with the following config on the VPN virtual adapter:
Obtain an IP automatically (DHCP, believe it or not); internal DNS and WINS servers statically entered, and NO gateway configured....when i do an ipconfig /all on the virtual adapter, I get this:
IP=22.214.171.124 (not sure where this address is coming from)
DHCP Server=126.96.36.199 (not sure where this address is coming from)
What I CAN'T do is map to a UNC path: ex. \\servername\c$, or resolve the Exchange server name when attempting to set up an Outlook profile....get the messages "Network path not found", or "Server not found"... NetBIOS resolution not working, perhaps ??
When I initially tried to set up the VPN connection, I configured the clients to get DHCP addresses from a server on the LAN, and that WAS successful, BUT if I got an address this way, I couldn't ping ANYTHING on the LAN, no IP addresses, no names....nothing. And if I configure the virtual adapter with a static LAN IP, MASK, gateway, etc..I get the same result, not able to ping anything.....I am only able to ping with the IP config listed above....at this point, the VPN client is not authenticating to the domain as far as I can tell........how would that be set up ??
If anyone has any ideas, I'd certainly appreciate your input.
THANKS ALL !