SonicWall VPN Only Connects to Domain Controllers

We have a SonicWall Pro 330.  I had a user say he could not connect to servers and apps via VPN.  I took the laptop home and the only computers it will connect to are our domain controllers (both are also dns servers).  I found the same was true with my home laptop.

We have remote users that use the VPN daily and they have not reported any issues (and I know their connections were working yesterday).

I thought DNS, but all computers internally are working and some remote connections are working.  Does anyone have any ideas?  Here is some more info on our network:

2 - W2k DCs
Various other 2k and 2k3 servers
Sonicwall VPN
User's laptop is XP pro, SP2
My laptop is XP home, SP2

If you need more info, please let me know! TIA!

saw830 Commented:

How does the problem show itself?  Is it an issue with not resolving the server name, or access denied when it connects, or something else?

If it is a name resolution problem, make sure that the DNS settings for the remote PC point to the internal DNS servers at the office.  Keep in mind that the DNS servers will not be available when the VPN is not connected, so the workstation may have a problem.  I believe that if you put one of your internal DNS server addresses as the first DNS server and a public DNS server address as the second DNS server (all on the remote PC, ya know), then the remote PC will use the internal DNS if it can reach it, and fall back to the second if it can't reach the first.

If it is an access denied message or some other kind of "just can't quite do it" problem, I'd check the Kerberos settings.  By default, Windows uses UDP/IP for Kerberos traffic, but this doesn't work so well over the internet and VPNs and such.  If this is the problem, an adjustment to the Kerberos settings will fix this.  Here's some doc on this issue:

If that fixes it, but it becomes sporadic, have a look at this:

If you just want to know more about Kerberos, here's an overview:

Give some error messages or symptoms and it will be easier to work out.

Hope this helps,
Rob Williams Commented:
Can you ping the systems to which you cannot connect, or connect by IP such as  \\\ShareName ?
What are you using to create the VPN ? The Sonicwall Global VPN client and the router, Windows client and VPN server, or other?
Are the computers that can connect members of the domain and the ones that cannot, not members ?
Are the subnets different at both sites? They should be.

Sorry more questions than answers, but perhaps we can narrow it down.
nitadmin Commented:
Hi SupportECI,

It sounds like you are able to make the VPN connection. But you cannot connect to hosts other than the Domain Controllers.

I suggest that you use the internal or private IP addresses of the hosts instead of the hosts' NetBIOS names.
When you are connecting over a VPN tunnel, your computer (the remote host) will not be able to resolve host names to IP addresses. So you should use the IP addresses instead.


SupportECI (Author) Commented:
Thanks for the responses.


I can ping and connect to the DCs by name or IP.

I cannot ping or connect by name to other computers (also remote desktop and VNC do not work).

We are using the sonicwall vpn client.

One of the computers, XP pro, is a member of the domain; Mine, XP home, is not.

I will have to verify the subnets are not the same, I know we have had issues with that before.  But the user does not use a router, so he should not be getting a private IP.  I will check on my router.


see above.


When we try to ping it times out.  When trying to connect to shares, it comes back as "the network path was not found"

I will have to check on the dns setup of the laptops and the rest of your suggestions later when I am out of the office.
Rob Williams Commented:
Is there any chance a group policy has been changed that enabled the Windows Firewall on all workstations? Where this was working before, it doesn't sound like a configuration issue, and the fact that you cannot ping by IP rules out DNS, as the primary problem.
When you connect to the Sonicwall using the Sonicwall Global VPN client, are you getting an IP address on the virtual connection? Is the IP address in the same subnet as the subnet in the office LAN? When connecting to the Sonicwall using the Global VPN client you should get an IP address from the DHCP server running on the Sonicwall device. If you don't get an IP address from the Sonicwall device, then you have to configure a static IP address for the virtual connection. Make sure the address is in the same subnet.

SupportECI (Author) Commented:
Sorry for the delay...

I checked my router and it was set on the same subnet as our internal subnet.  Once I changed this everything worked fine for my computer and the user's.

I am not sure the user's issues are fixed yet, however.  The user stated that apps and network shares were not working.  I assumed that he would not have known or thought about trying to connect to our DCs so his issues must have been the same.  Now I am thinking it is a different issue with his connection, but it is obviously not the computer as it worked fine for me.  Also the user said he does not use a router, so since we have the same ISP (sbc yahoo) I am going to try it tonight without the router, just plugged right into the dsl modem.

I will let you know what happens with that.
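
The subnet conflict reported in the post above can be checked before a VPN client is deployed. This is an added example, not part of the original thread: it flags office hosts that fall inside the remote PC's own LAN subnet (so the PC looks for them locally instead of sending traffic into the tunnel) and proposes a non-overlapping home subnet. All addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

def shadowed_hosts(local_net, office_hosts):
    """Office hosts the remote PC treats as on-link, i.e. it looks for
    them on the home LAN instead of sending traffic into the tunnel."""
    local = ipaddress.ip_network(local_net, strict=False)
    return [h for h in office_hosts if ipaddress.ip_address(h) in local]

def suggest_home_subnet(avoid, pool="192.168.0.0/16", prefix=24):
    """First subnet of size `prefix` in `pool` overlapping none of `avoid`."""
    avoid = [ipaddress.ip_network(n, strict=False) for n in avoid]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(n) for n in avoid):
            return str(cand)
    return None  # pool exhausted; choose a different private range

def check(local_net, office_net, office_hosts):
    """Summarise the conflict between a home LAN and the office LAN."""
    local = ipaddress.ip_network(local_net, strict=False)
    office = ipaddress.ip_network(office_net, strict=False)
    overlap = local.overlaps(office)
    return {
        "overlap": overlap,
        "shadowed": shadowed_hosts(local_net, office_hosts),
        "suggested_home_subnet":
            suggest_home_subnet([office_net]) if overlap else None,
    }

if __name__ == "__main__":
    # Constructed sample values (assumptions, not taken from the thread).
    office_net = "192.168.1.0/24"
    office_hosts = ["192.168.1.5", "192.168.1.20"]
    for home in ("192.168.1.10/24", "192.168.50.10/24"):
        print(home, check(home, office_net, office_hosts))
```
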
Rob Williams Commented:
>>"The user stated that apps and network shares were not working. "
Can the user connect to the shares by IP  e.g. \\\ShareName  perhaps they now have a connection, assuming their subnet is different, and it is just a name resolution issue at this point.

>>"I am going to try it tonight without the router, just plugged right into the dsl modem."
Good test. Let us know how it goes.
SupportECI (Author) Commented:
Sorry for the delay.

I plugged the laptop straight into the modem and everything worked fine.

So I could not recreate the problem, as the user does not have a router.  I am now not even sure he could reach the DCs.  I have asked him to try it again and to call me when he tries to connect so that we can get more information.  I will update this when he has a chance to try it again (hopefully in the next few days).
Rob Williams Commented:
By the way, you mentioned SBC earlier. I have read a few articles lately stating that the SBC connection client can interfere with VPNs. These referred to PPTP VPNs but may apply to your Global VPN IPSec client as well. As a test you might want to try un-installing if present.

Let us know how it goes.
SupportECI (Author) Commented:
Well all, I really don't know what came of this, because the user never could get connected, but we have never been able to go to his house to see if something might be the problem there.  So I will split points and call it good.  Thanks for all of your suggestions.
Rob Williams Commented:
Thanks SupportECI. Enjoy the holiday season.
Cheers !
Question has a verified solution.
