Name Resolution fails over Netgear Firewall Point to Point VPN

OK,

So we have two netgear firewalls that are running a hardware VPN per the instructions here:
http://kbserver.netgear.com/inquira/default.asp?ui_mode=answer&prior_transaction_id=2069&action_code=5&highlight_info=16777291,10,19&turl=http%3A%2F%2Fkbserver.netgear.com%2Fkb_web_files%2FN101499.asp&answer_id=206905334#__highlight

I realize this is very similar to the question we had recently asked, please bear with me.

The central location is where the domain\DNS (Win 2003 server) server is being hosted, and I know the tunnel is working because I can ping the server's IP address, and even access shared resources via \\<serverIP>, however when I try to access resources via \\<serverName>, everything falls apart.

I have configured the DNS servers on the satellite firewall to be the server's IP address. When I do an nslookup from a remote machine I get no response from the server. However DNS is running and processes requests locally no problem.

I have enabled NetBIOS on a remote test machine.

The other weird thing is that I can browse the web from this remote machine, with the only DNS entry being the server, so it seems certain DNS requests are being responded to.

Some other info that might be helpful:
central office lan IP: 192.168.1.
satellite office Lan IP: 192.168.2.x

I'd be happy to answer any questions.
DotFoilAsked:
Rob WilliamsCommented:
DotFoil, NetBIOS names do not broadcast over a VPN so you are correct in trying to resolve via DNS. You can resolve NetBIOS names if you have a WINS server, or as per #2 below you can make use of the LMHosts file. Have a look at items 4-7 below for DNS options in my "name resolution list for VPNs" :-) See if any of those options help.
--Rob
Connecting to remote devices over a VPN:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
Net Use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit Enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotation marks like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try to enable some of the following options:
3) If you have a WINS server, add that to the network card's configuration.
4) Also, under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected.
5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration.
6) Verify your router does not have a "block NetBIOS broadcast" option enabled.
7) Test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ].
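A small diagnostic to go with items 5 and 7 above, added here as an example (not from the thread or from Netgear): it hand-builds a DNS A query exactly like nslookup would send, fires it straight at the remote DNS server's IP over UDP/53 and tells you whether you got an answer, an error code, or nothing at all (a timeout usually means a firewall rule or NAT is swallowing the packet, not a DNS misconfiguration). The server IP, hostname and the embedded sample response are constructed for the example.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query (RD=1), the same shape nslookup sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def _skip_name(data, off):
    """Skip a possibly compressed name, return the offset just past it."""
    while True:
        ln = data[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:        # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + ln

def parse_answers(data):
    """Return (rcode, [A-record IPs]) from a raw DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x0F              # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return rcode, ips

def probe(name, server, timeout=2.0):
    """Query `server` directly; 'timeout' means no packet came back at all."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    except socket.timeout:
        return "timeout", []
    finally:
        s.close()
    rcode, ips = parse_answers(data)
    return ("ok" if rcode == 0 else "rcode=%d" % rcode), ips

# Constructed sample reply (NOERROR, one A record) so parse_answers can be exercised offline.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + build_query("fileserver.domain.local")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 168, 1, 10]))
```

Run `probe("fileserver.domain.local", "192.168.1.10")` from the satellite office (with your own names and server IP): an "ok" with IPs means the tunnel passes DNS and item 7's suffix fix is all that is missing, while "timeout" points at the firewall rather than the DNS server.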

DotFoilAuthor Commented:
hmm,

1. So using the server IP does work, and we may just have to set this up with login scripts because name resolution is just not working.
2. I have not tried using the LMHosts file, mostly because this is for an office that is 45 minutes away and it would be ridiculous to try and maintain that kind of list.
3. & 4. I have tried to use WINS with no luck.
5. I have manually configured the DNS entries on the firewall, and individually for each machine; still I fail to resolve any kind of name (server name or FQDN), even though I can ping the server, and locally on the server I can resolve anything I want.
6. Oops.

OK, so I found the error. There was a rule in the firewall forwarding all DNS requests to the server. I'm not sure why it conflicted with the tunnel, but obviously it did. The tunnel works, server names resolve, mapped network drives work.

All is well now.
Rob WilliamsCommented:
Glad you were able to get it working DotFoil.
thanks,
--Rob
DotFoilAuthor Commented:
Yeah,

Thanks for your help. I just returned from the client, and it seems it actually needed WINS added to the remote machine adapter.
Rob WilliamsCommented:
If WINS is an option it is usually the most dependable over VPNs, not sure why. If you get into the high-end WatchGuard, SonicWall, CheckPoint and Cisco units I find DNS resolution works great.
Thanks for the update,
--Rob
DotFoilAuthor Commented:
I'd love to get it resolving using DNS. I would think the way it's set up would allow DNS to resolve, but maybe I'm missing something on the server. DNS just times out when performing nslookup remotely, but it functions fine locally. Maybe I have more firewall misconfiguration to sort out, but for now WINS will work just fine.

Again, thanks for your help. If you have any other suggestions to try please let me know. Thanks!
Rob WilliamsCommented:
If I come up with any other ideas I will be sure to let you know. I am surprised "adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration" didn't work.

Thanks,
--Rob