

Sonicwall 2040 VPN problem - How to assign ip address to each VPN session

Posted on 2007-12-05
Medium Priority
Last Modified: 2012-06-27
We have a Sonicwall 2040 and a couple users who live in other countries and who VPN in to our network.  We have a Windows 2003 Domain controller, which is our DHCP server.  The problem is, I want to have each VPN session somehow "registered" with the Domain Controller/DHCP server.  I don't know exactly the right terminology, but I don't quite understand how the Sonicwall and Windows DHCP server work together with VPN sessions.  I have the Sonicwall DHCP server disabled of course, but in the VPN section, there is an option for DHCP over VPN.  Should this be configured?  When users connect to our VPN, they get a correct virtual IP address on our LAN, but it seems that the Windows DHCP server doesn't register them with DNS maybe???

We have a new centralized Anti Virus server, and I am trying to push out client installs to the remote users, and the server won't see any PCs on the VPN for some reason.
Question by:jbobst
LVL 12

Accepted Solution

bhnmi earned 500 total points
ID: 20413672
Configure the DHCP over the VPN option and enable NetBIOS too.
LVL 21

Expert Comment

ID: 20413710
Your VPN box should ask your domain DHCP server for an IP address for the client.
On the DC's DHCP server, check the option to register DNS for DHCP leases.

Author Comment

ID: 20443134
I configured the Sonicwall and they are getting an IP address just fine from DHCP, but DNS still doesn't have a record created.  In fact, when I went to view my DNS server (in the Windows Management console), it appears as if none of my office computers have a DNS record in there...other than a few computers that have static IP addresses where I manually created a DNS record.  When I checked the DHCP server settings, I have "Enable DNS dynamic updates..."  and "Always dynamically update DNS A and PTR records" checked in the properties section.  I recall not too long ago that when I looked in the DNS server, I saw records for all of my local computers, now there are none!  I had our user from Europe log into the VPN, and he received a good IP address.  The problem was, I couldn't "ping" his PC, unless I used his actual IP address.  I wanted to use the PC name however, and I wanted to push our Anti-Virus software to his PC (which needs name resolution).  I manually created a pointer record and an "A" record in my DNS server, then had to flush and registerdns on each NIC adapter on my server, and only then could I finally ping his computer (and push our AV software out to him).  The problem is, that unless I set him up for a static IP address, his IP will change next time he logs in to the VPN and the DNS records won't be valid.  I must be missing something in the DHCP server or the DNS server.

One more strange thing is that even though only a couple of static IP computers have DNS records, I can still ping all of my local PCs in the office network.  How does the ping utility (or rather my PC) know how to resolve the computer name to an IP address if my DNS server doesn't have any forward or reverse lookup records?
LVL 12

Expert Comment

ID: 20443289
It uses ARP or NetBIOS (WINS).
LVL 21

Assisted Solution

from_exp earned 500 total points
ID: 20443470
Actually, "Always dynamically update DNS A and PTR records" should solve your problem.
Under normal circumstances, your XP PCs will register their name and IP in DNS automatically ("Register this connection in DNS").

But in the case of VPN, please check that your clients also receive DNS server settings from the DHCP server.
It is possible that your Sonicwall provides its own DNS settings to clients. In this case you can configure your Sonicwall with the DNS server of your DC.
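
The symptom discussed in this thread (leases are handed out, but the A/PTR records are missing or still point at an earlier address) can be checked lease by lease. The following is an added example, not part of the original thread or any poster's code; the lease list, host names and addresses are constructed, and it assumes lookups go through the machine's own resolver.

```python
import socket

# Constructed sample leases (hostname, leased IP); names and addresses are made up.
SAMPLE_LEASES = [("vpn-laptop1.corp.example", "192.168.10.50"),
                 ("office-pc7.corp.example", "192.168.10.21")]

def os_forward(name):
    """Return the set of IPv4 addresses the OS resolver gives for name.
    The OS resolver may also answer from a hosts file or NetBIOS, so a
    hit here does not prove that the DNS zone itself holds the record."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def os_reverse(ip):
    """Return the reverse-lookup name for ip in lower case, or None."""
    try:
        return socket.gethostbyaddr(ip)[0].lower()
    except OSError:
        return None

def audit_lease(name, ip, forward=os_forward, reverse=os_reverse):
    """Classify one lease against forward (A) and reverse (PTR) lookups."""
    addrs = forward(name)
    if not addrs:
        return "MISSING_A"        # dynamic update never created the record
    if ip not in addrs:
        return "STALE_A"          # record left over from an earlier lease
    ptr = reverse(ip)
    if ptr is None:
        return "MISSING_PTR"
    if ptr.rstrip(".") != name.lower().rstrip("."):
        return "PTR_MISMATCH"     # reverse zone still names another host
    return "OK"

def audit(leases, forward=os_forward, reverse=os_reverse):
    """Return {hostname: status} for every (hostname, ip) lease."""
    return {n: audit_lease(n, ip, forward, reverse) for n, ip in leases}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_LEASES).items():
        print(f"{status:13} {host}")
```

A `STALE_A` result is the case the asker anticipates: a manually created record that no longer matches the address handed out on the next VPN login.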


Question has a verified solution.
