Routing and Remote Access - Need advice

InterWorks asked (Last Modified: 2010-03-19):
I have a Class C network -- 192.168.10.x.

One server is dedicated to routing and remote access - 192.168.10.5.  It has two network cards and I currently have them bridged together.  I have it set up so that clients may VPN in and SUPPOSEDLY I have DHCP RELAY turned on to pull IPs from the SonicWall.  When I VPN into the network and run ipconfig /all, all I see is:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.200.115
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.200.115
        DNS Servers . . . . . . . . . . . : 192.168.200.1
        Primary WINS Server . . . . . . . : 192.168.200.1

I have a few problems.  The first one being I cannot ping servers by name, only by IP.  My DNS server is in fact 192.168.200.1 but for some reason I can't ping anything.  On my client machine, if I force a DNS suffix with the proper name, then I can ping servers by name.

What am I doing wrong?  I do NOT want to configure anything on the client machines other than setting up Microsoft VPN with default settings pointing to the IP of our server.  How can I get the server to send out the domain DNS suffix, or do I need to set this up another way (take advantage of two NICs instead of a single NIC)?

CERTIFIED EXPERT
Top Expert 2013
Commented:
Your problem is likely that NetBIOS names are not broadcast over most VPNs.
You can resolve this in several ways:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using
 Net Use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp

The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs, it is not a feasible option. Thus, in order to be able to use computer names dynamically, try to enable some of the following options:
3) If you have a WINS server, add that to the network card's configuration
4) Also, under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected
5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) Verify your router does not have a "block NetBIOS broadcast" option enabled
7) Test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]


Author

Commented:
Let me clarify my question... it is definitely a DNS issue.  I can ping server by IP.  I can ping server by full name servername.domain.com.  I cannot ping servername.

If I do as you suggested in #7 it does work, but I do not want to reconfigure 100 clients (I assume you are stating to change this setting on each client). I want to set this on the server somewhere so it passes the setting to the client, is this possible?
CERTIFIED EXPERT
Top Expert 2013

Commented:
>>"I want to set this on the server somewhere so it passes the setting to the client, is this possible?"

If you are using a Windows server to assign DHCP addresses, I believe it will work for the VPN as well, if you use option 15 in the DHCP scope options "DNS Domain Name" to add the domain suffix.
If you also have a WINS server you can assign the WINS server IP with scope option 44, which works very well.

With a hardware VPN, if the users were members of the domain, you can do it with group policy, but with the Windows VPN that is not really possible as the VPN is not established at the time of logon.
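
Added example, not part of the original thread and not the expert's code: scope options 15 (DNS Domain Name) and 44 (WINS servers) reach a client as code/length/value entries in the options field of a DHCP reply, so one way to check what a DHCP server actually sends is to parse that field from a captured reply. The function names are hypothetical and the sample bytes are constructed, modelled on the poster's situation where DNS and WINS arrive but the domain suffix does not.

```python
import socket

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marker that precedes the DHCP options
OPT_PAD, OPT_END = 0, 255
OPT_DNS, OPT_DOMAIN, OPT_WINS = 6, 15, 44


def parse_options(field: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts


def ip_list(raw: bytes) -> list:
    """Decode a packed list of IPv4 addresses (options 6 and 44)."""
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw), 4)]


def summarize(field: bytes) -> dict:
    """Report the name-resolution settings a reply carries; None means absent."""
    opts = parse_options(field)
    domain = opts.get(OPT_DOMAIN)
    return {
        "dns_servers": ip_list(opts.get(OPT_DNS, b"")),
        "wins_servers": ip_list(opts.get(OPT_WINS, b"")),
        "domain_name": domain.rstrip(b"\x00").decode("ascii") if domain else None,
    }


# Constructed sample: a DHCPACK's options with DNS and WINS set but no option 15
SAMPLE = (MAGIC_COOKIE + bytes([53, 1, 5]) + bytes([6, 4, 192, 168, 200, 1])
          + bytes([44, 4, 192, 168, 200, 1]) + bytes([255]))
```

A `domain_name` of `None` for a reply captured on the VPN adapter, next to a populated value for one captured on the LAN, shows that the suffix is being lost between the DHCP server and the VPN client rather than never being configured.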

Author

Commented:
The SonicWall is properly handing out the WINS address, it's just the domain suffix. If I'm on the network it works fine, it's only when I VPN in that it doesn't give me the domain suffix. I'm trying to avoid putting it on every client and only doing it at the server / DHCP level.
CERTIFIED EXPERT
Top Expert 2013

Commented:
I did a little reading about adding DNS suffixes with DHCP over a VPN, using DHCP relays, and almost word for word, most of them had a comment "I seem to recall reading somewhere that the DHCP relay method has problems", but none of the articles went on to explain the problems. You might have better luck if you switched your DHCP services from the SonicWall to a Windows server. It also allows for better dynamic updating of DNS. However, that may be a big change for your environment.
You say the VPN clients are getting the WINS server IP added, but still cannot resolve by NetBIOS name? Odd?

Try enabling and disabling, if you have not already done so, "Enable broadcast name resolution" under the IP tab of properties for the server in the RRAS management console. Disabled should force WINS/DNS resolution, enabled is supposed to allow name resolution without WINS or DNS.

I am out of ideas.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks InterWorks,
--Rob