Routing and Remote Access - Need advice

I have a Class C network -- 192.168.10.x.

One server is dedicated to routing and remote access - 192.168.10.5.  It has two network cards and I currently have them bridged together.  I have it set up so that clients may VPN in and SUPPOSEDLY I have DHCP RELAY turned on to pull IPs from the SonicWall.  When I VPN into the network and run ipconfig /all, all I see is:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.200.115
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.200.115
        DNS Servers . . . . . . . . . . . : 192.168.200.1
        Primary WINS Server . . . . . . . : 192.168.200.1

I have a few problems.  The first one being I cannot ping servers by name, only by IP.  My DNS server is in fact 192.168.200.1 but for some reason I can't ping anything.  On my client machine, if I force a DNS suffix with the proper name, then I can ping servers by name.

What am I doing wrong?  I do NOT want to configure anything on the client machines other than setting up Microsoft VPN with default settings pointing to the IP of our server.  How can I get the server to send out the domain DNS suffix, or do I need to set this up another way (take advantage of two NICs instead of a single NIC)?

Asked by: InterWorks
 
Rob Williams Commented:
Your problem is likely that NetBIOS names are not broadcast over most VPNs.
You can resolve this in several ways:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using
 Net Use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving, enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp

The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try to enable some of the following options:
3) If you have a WINS server, add that to the network card's configuration.
4) Also, under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected.
5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration.
6) Verify your router does not have a "block NetBIOS broadcast" option enabled.
7) Test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
 
InterWorks (Author) Commented:
Let me clarify my question.... it is definitely a DNS issue.  I can ping server by IP.  I can ping server by full name servername.domain.com.  I cannot ping servername.

If I do as you suggested in #7 it does work, but I do not want to reconfigure 100 clients (I assume you are stating to change this setting on each client). I want to set this on the server somewhere so it passes the setting to the client, is this possible?
 
Rob Williams Commented:
>>"I want to set this on the server somewhere so it passes the setting to the client, is this possible?"

If you are using a Windows server to assign DHCP addresses, I believe it will work for the VPN as well, if you use option 15 in the DHCP scope options "DNS Domain Name" to add the domain suffix.
If you also have a WINS server you can assign the WINS server IP with scope option 44, which works very well.

With a hardware VPN, if the users were members of the domain, you can do it with group policy, but with the Windows VPN that is not really possible as the VPN is not established at the time of logon.
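
To check whether the DHCP server behind the relay actually returns scope options 15 and 44, the options field of a captured reply can be decoded. This is an added example, not part of the original thread; the byte strings are constructed samples, `domain.local` is the placeholder domain used in the answers above, and the input is assumed to be the options field only (the bytes after the DHCP magic cookie).

```python
import ipaddress

OPT_PAD, OPT_END = 0, 255
OPT_DOMAIN_NAME = 15    # "DNS Domain Name" scope option (the DNS suffix)
OPT_WINS = 44           # WINS/NBNS server addresses

def parse_options(buf: bytes) -> dict:
    """Walk the code/length/value option field that follows the magic cookie."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value   # repeated codes concatenate
        i += 2 + length
    return opts

def name_settings(buf: bytes) -> dict:
    """Report the DNS suffix and WINS servers a reply would give the client."""
    opts = parse_options(buf)
    wins_raw = opts.get(OPT_WINS, b"")
    if len(wins_raw) % 4:
        raise ValueError("option 44 is not a list of IPv4 addresses")
    suffix = opts.get(OPT_DOMAIN_NAME)
    return {
        "dns_suffix": suffix.rstrip(b"\x00").decode("ascii") if suffix else None,
        "wins": [str(ipaddress.IPv4Address(wins_raw[j:j + 4]))
                 for j in range(0, len(wins_raw), 4)],
    }

# Constructed option fields (message type 53 = 5, a DHCPACK); not captured traffic.
WINS_ONLY = bytes([53, 1, 5, 44, 4, 192, 168, 200, 1, 255])
WITH_SUFFIX = (bytes([53, 1, 5, 15, 12]) + b"domain.local"
               + bytes([44, 4, 192, 168, 200, 1, 255]))

if __name__ == "__main__":
    for label, field in (("WINS only", WINS_ONLY), ("option 15 + 44", WITH_SUFFIX)):
        print(label, name_settings(field))
```

A reply that decodes like `WINS_ONLY` matches the symptom in this thread: the client learns the WINS server but receives no suffix to append to short names.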
 
InterWorks (Author) Commented:
The SonicWall is properly handing out the WINS address, it's just the domain suffix. If I'm on the network it works fine, it's only when I VPN in that it doesn't give me the domain suffix. I'm trying to avoid putting it on every client and only doing it at the server / DHCP level.
 
Rob Williams Commented:
I did a little reading about adding DNS suffixes with DHCP over a VPN, using DHCP relays, and almost word for word, most of them had a comment "I seem to recall reading somewhere that the DHCP relay method has problems", but none of the articles went on to explain the problems. You might have better luck if you switched your DHCP services from the SonicWall to a Windows server. It also allows for better dynamic updating of DNS. However, that may be a big change for your environment.
You say the VPN clients are getting the WINS server IP added, but still cannot resolve by NetBIOS name? Odd?

Try enabling and disabling, if you have not already done so, "Enable broadcast name resolution" under IP tab of properties for the server in the RRAS management console. Disabled should force WINS/DNS resolution, enabled is supposed to allow name resolution without WINS or DNS.

I am out of ideas.
 
Rob Williams Commented:
Thanks InterWorks,
--Rob