Routing and Remote Access - Need advice

Posted on 2006-04-01
Last Modified: 2010-03-19
I have a Class C network -- 192.168.10.x.

One server is dedicated to routing and remote access -  It has two network cards and I currently have them bridged together.  I have it set up so that clients may VPN in and SUPPOSEDLY I have DHCP RELAY turned on to pull IPs from the SonicWall.  When I VPN into the network and run ipconfig /all, all I see is:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :
        Primary WINS Server . . . . . . . :

I have a few problems.  The first one being I cannot ping servers by name, only by IP.  My DNS server is in fact but for some reason I can't ping anything.  On my client machine, if I force a DNS suffix with the proper name, then I can ping servers by name.

What am I doing wrong?  I do NOT want to configure anything on the client machines other than setting up Microsoft VPN with default settings pointing to the IP of our server.  How can I get the server to send out the domain DNS suffix, or do I need to set this up another way (take advantage of two NICs instead of a single NIC)?
Question by:InterWorks
    LVL 77

    Accepted Solution

    Your problem is likely that NetBIOS names are not broadcast over most VPNs.
    You can resolve this in several ways:
    1) Use the IP address (of the computer you are connecting to) when connecting to devices such as;   \\\ShareName   or map a drive at a  command prompt using  
     Net  Use  U:  \\\ShareName
    2) An option is to use the LMHosts file which creates a table of IP's and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below;      CompName       #PRE
    Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
    More details regarding LMHosts file:

    The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try some of the following options:
    3) If you have a WINS server, add that to the network card's configuration
    4) Also under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected
    5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
    6) Verify your router does not have a "block NetBIOS broadcast" option enabled
    7) Test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
    LVL 1

    Author Comment

    Let me clarify my question.... it is definitely a DNS issue.  I can ping server by IP.  I can ping server by full name.  I cannot ping servername.

    If I do as you suggested in #7 it does work, but I do not want to reconfigure 100 clients (I assume you are stating to change this setting on each client). I want to set this on the server somewhere so it passes the setting to the client. Is this possible?
    LVL 77

    Expert Comment

    by:Rob Williams
    >>"I want to set this on the server somewhere so it passes the setting to the client, is this possible?"

    If you are using a Windows server to assign DHCP addresses, I believe it will work for the VPN as well, if you use option 15 in the DHCP scope options "DNS Domain Name" to add the domain suffix.
    If you also have a WINS server you can assign the WINS server IP with scope option 44, which works very well.

    With a hardware VPN, if the users were a member of the domain, you can do it with group policy, but with the Windows VPN that is not really possible as the VPN is not established at the time of logon.
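To confirm which of these options a client actually received, the option block of a captured DHCP reply can be decoded directly. The following Python decoder for options 6, 15 and 44 is an added example, not part of the original thread; the two sample option blocks and the 192.168.10.2 / 192.168.10.3 server addresses are constructed for illustration, and `domain.local` is the placeholder suffix used earlier in the thread.

```python
import ipaddress

# RFC 2132 option codes discussed in the thread
PAD, END = 0, 255
DNS_SERVERS = 6     # DNS server addresses
DOMAIN_NAME = 15    # "DNS Domain Name": the suffix the client appends
WINS_SERVERS = 44   # NetBIOS (WINS) name server addresses

def parse_options(data: bytes) -> dict:
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:                      # single-byte filler, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated codes are concatenated
        i += 2 + length
    return opts

def ip_list(raw: bytes) -> list:
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def name_resolution_summary(data: bytes) -> dict:
    """Report the name-resolution settings carried in one option block."""
    opts = parse_options(data)
    return {   # some servers NUL-terminate the domain name, so strip it
        "dns_suffix": opts[DOMAIN_NAME].rstrip(b"\x00").decode("ascii") if DOMAIN_NAME in opts else None,
        "dns_servers": ip_list(opts.get(DNS_SERVERS, b"")),
        "wins_servers": ip_list(opts.get(WINS_SERVERS, b"")),
    }

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample option blocks (addresses are made up for illustration)
_dns = opt(DNS_SERVERS, ipaddress.IPv4Address("192.168.10.2").packed)
_wins = opt(WINS_SERVERS, ipaddress.IPv4Address("192.168.10.3").packed)
WITH_SUFFIX = _dns + _wins + opt(DOMAIN_NAME, b"domain.local") + bytes([END])
WITHOUT_SUFFIX = _dns + _wins + bytes([END])
```

A reply that decodes like `WITHOUT_SUFFIX` matches the symptom in the question: WINS and DNS servers are present, but `dns_suffix` is `None`, so short names are not qualified.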
    LVL 1

    Author Comment

    The SonicWall is properly handing out the WINS address, it's just the domain suffix. If I'm on the network it works fine, it's only when I VPN in that it doesn't give me the domain suffix. I'm trying to avoid putting it on every client and only doing it at the server / DHCP level.
    LVL 77

    Expert Comment

    by:Rob Williams
    I did a little reading about adding DNS suffixes with DHCP over a VPN, using DHCP relays, and almost word for word, most of them had a comment "I seem to recall reading somewhere that the DHCP relay method has problems", but none of the articles went on to explain the problems. You might have better luck if you switched your DHCP services from the SonicWall to a Windows server. It also allows for better dynamic updating of DNS. However, that may be a big change for your environment.
    You say the VPN clients are getting the WINS server IP added, but still cannot resolve by NetBIOS name? Odd?

    Try enabling and disabling, if you have not already done so, "Enable broadcast name resolution" under IP tab of properties for the server in the RRAS management console. Disabled should force WINS/DNS resolution, enabled is supposed to allow name resolution without WINS or DNS.

    I am out of ideas.
    LVL 77

    Expert Comment

    by:Rob Williams
    Thanks InterWorks,
