Solved

Problem with site to site VPN using a SonicWall PRO 2040 to a SonicWall TZ180

Posted on 2008-10-10
Last Modified: 2012-08-14
I have a SonicWall PRO 2040 currently set up with a VPN tunnel to a remote network using a SonicWall TZ170.
This works absolutely fine; however, I am in the process of setting up another remote network using the slightly newer TZ180.

The problem I have is that I cannot access the main network from the new remote (TZ180).
The VPN tunnel is active and I can ping computers from the remote to the main network; I just can't access any files etc.

I have copied all the settings from the TZ170 to the TZ180 (except for the obvious: IP address, name etc.) and I still have no luck.
Is there something obvious I am missing? Do I need to add the details of the new network to any of our servers?
Question by:James Cook
14 Comments
 
LVL 26

Expert Comment

by:lnkevin
I have been through this before and solved it by setting up the DNS server value on the remote VPN location. Do you have a separate domain controller in the remote location? If not, use the DNS from your router.

If it still doesn't solve your problem, I suggest you call SonicWall. They are very good at getting their product connected. If you just purchased the new TZ180, you are still under warranty and should not be charged for anything. Just give them your SN and you can go from there.

K
0
 
LVL 3

Author Comment

by:James Cook
One thing I failed to mention was that this is a test setup using one of our spare IP addresses. So they are both connected to the same router.
It makes sense that this could be a DNS issue as both firewalls are using the same DNS from the router.
Unfortunately I am unable to get to the remote site until next week so had to test it somehow. Do you think this could be the cause of the issue?
Also another point to note is that when the tunnel is active I can ping the servers, just not access them.
Thanks
0
 
LVL 26

Expert Comment

by:lnkevin
Can you try to access your server with its IP address? Example: \\10.10.x.x\sharefile....
Can you terminal service to the server with the IP address?
What is the error message you get when attempting to access the server?

To me, it looks much like a DNS misconfiguration in the VPN firewall.

K
0
 
LVL 3

Author Comment

by:James Cook
I've tried what you suggested, and yes, I can RDP to our terminal server with the local IP address.
I can also access the fileshare via the IP. I agree it must be a DNS issue. How would I resolve that?
Thanks
0
 
LVL 26

Accepted Solution

by:
lnkevin earned 500 total points
Get into your firewall (both remote and main). Make sure you have the proper DNS server IP address set in the DNS section. This DNS entry should be your local DNS server. If the DNS server is also on the DC, your entry should be the DC IP address. If the task is hard for you, call SonicWall; they will walk you through the steps without any charges.

K
0
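An added example (not part of the thread and not SonicWall tooling) of the test used above: reach the service by IP first, then by name, to tell a tunnel or access-rule problem from a DNS problem. The host name and the 192.0.2.10 address are constructed placeholders, and `triage` is a hypothetical helper name.

```python
import socket

def system_resolve(name):
    """Resolve with the OS resolver, i.e. the DNS server the client was given."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port completes across the tunnel."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(name, known_ip, port, resolve=system_resolve, connect=tcp_open):
    """Separate a tunnel/rule problem from a name-resolution problem."""
    # Step 1: by IP. If this fails, DNS is not the (only) problem.
    if not connect(known_ip, port):
        return "tunnel-or-rule: service unreachable even by IP"
    # Step 2: by name. A resolver that does not host the internal zone
    # either has no record or returns some other address.
    try:
        answers = resolve(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "dns: name does not resolve"
    if known_ip not in answers:
        return "dns: name resolves to %s, not the internal address" % ", ".join(answers)
    return "ok: name and service both reachable"

if __name__ == "__main__":
    # Constructed placeholders: substitute a real server name, its internal
    # IP, and the service port (445 for file shares, 3389 for RDP).
    print(triage("fileserver.corp.example", "192.0.2.10", 445))
```

Run it from a client behind the remote firewall; a `dns:` result with a working IP connection is the symptom described in this thread.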
 
LVL 3

Author Comment

by:James Cook
That worked! Thank you!
Just to confirm I have set it up correctly...
The remote site doesn't have a local DNS server; it is located at the main site, therefore I have used the local IP of the DNS server on the main network.
I thought the DNS had to be the DNS that was provided by the ISP. Is this not the case? Our other site2site (TZ170) doesn't use a local IP for DNS.
0
 
LVL 26

Expert Comment

by:lnkevin
If you want to map or browse from remote to main with a DNS entry, you have to use the DNS entry of the main, NOT the ISP one. Otherwise, how does it recognize the DNS in different servers? You have to make sure both firewalls are talking on the same page (DNS), haven't you?

K
0

 
LVL 26

Expert Comment

by:lnkevin
It's better to have both main and ISP DNSs as primary and secondary DNS. Primary should be main and ISP is sec.

K
0
 
LVL 3

Author Comment

by:James Cook
Here's the situation...
Main (PRO 2040): Uses the DNS from ISP - 62.xxx.xxx.xxx
Remote 1 (TZ170): Uses the DNS from ISP - 194.xxx.xxx.xxx * This setup works fine
Remote 2 (TZ180): Now configured to use local (Main) DNS - 10.0.0.xxx
Remote 2 now works but I don't understand why when remote 1 is different and still works.
0
 
LVL 26

Expert Comment

by:lnkevin
Must be some blind luck here :P

But it should not work on R 1, indeed. Unless in R 1, there is somewhere in your configuration a pointer from ISP to local DNS... or there may be a secondary DNS set somewhere. I can't be convinced until I have a touch on your VPN. 194.xxx... looks like an internal IP, to me. Are you sure it's a public IP? The network 62.xxx... looks more like a public one.

K
0
 
LVL 3

Author Comment

by:James Cook
194.xxx I think is a BT DNS server.
As main and R1 are working OK I shall leave them as they are. I'll configure R2 to use local DNS plus put the ISP DNS in as a second DNS.
All is working now so thanks for all your help!
0
 
LVL 26

Expert Comment

by:lnkevin
Plus, you have different versions of the firewall on R1 and R2 so it's hard to know without taking a close look. I'll show you the trick. Go into the firewall under the support section and export your configuration and compare between the two. You will see all the hidden things.

K
0
 
LVL 3

Author Closing Comment

by:James Cook
Thanks once again for all your help! Much appreciated!
J
0
 
LVL 26

Expert Comment

by:lnkevin
You can close this question and award points.

K
0
