Solved

Problem with site to site VPN using a SonicWall PRO 2040 to a SonicWall TZ180

Posted on 2008-10-10
14
439 Views
Last Modified: 2012-08-14
I have a SonicWall PRO 2040 currently set up with a VPN tunnel to a remote network using a SonicWall TZ170.
This works absolutely fine; however, I am in the process of setting up another remote network using the slightly newer TZ180.

The problem I have is that I cannot access the main network from the new remote (TZ180).
The VPN tunnel is active and I can ping computers from the remote to the main network; I just can't access any files etc.

I have copied all the settings from the TZ170 to the TZ180 (except for the obvious: IP address, name etc.) and I still have no luck.
Is there something obvious I am missing? Do I need to add the details of the new network to any of our servers?
Question by:James Cook
14 Comments
 
LVL 26

Expert Comment

by:lnkevin
ID: 22687753
I have been through this before and solved it by setting up the DNS server value on the remote VPN location. Do you have a separate domain controller in the remote location? If not, use the DNS from your router.

If it still doesn't solve your problem, I suggest you call SonicWall. They are very good at getting their product connected. If you just purchased the new TZ180, you are still under warranty and should not be charged for anything. Just give them your SN and you can go from there.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22688007
One thing I failed to mention was that this is a test setup using one of our spare IP addresses. So they are both connected to the same router.
It makes sense that this could be a DNS issue as both firewalls are using the same DNS from the router.
Unfortunately I am unable to get to the remote site until next week so had to test it somehow. Do you think this could be the cause of the issue?
Also, another point to note is that when the tunnel is active I can ping the servers, just not access them.
Thanks
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22688657
Can you try to access your server with its IP address? Example: \\10.10.x.x\sharefile....
Can you terminal service to the server with its IP address?
What is the error message you get when attempting to access the server?

To me, it looks much like a DNS misconfiguration in the VPN firewall.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22700753
I've tried what you suggested, and yes, I can RDP to our terminal server with the local IP address.
I can also access the fileshare via the IP. I agree it must be a DNS issue. How would I resolve that?
Thanks
0
 
LVL 26

Accepted Solution

by:
lnkevin earned 500 total points
ID: 22702154
Get into your firewall (both remote and main). Make sure you have the proper DNS server IP address set in the DNS section. This DNS entry should be your local DNS server. If the DNS server is also on the DC, your entry should be the DC IP address. If the task is hard for you, call SonicWall; they will walk you through the steps without any charges.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22702243
That worked! Thank you!
Just to confirm I have set it up correctly...
The remote site doesn't have a local DNS server; it is located at the main site, therefore I have used the local IP of the DNS server on the main network.
I thought the DNS had to be the DNS that was provided by the ISP. Is this not the case? Our other site2site (TZ170) doesn't use a local IP for DNS.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702414
If you want to map or browse from remote to main with a DNS entry, you have to use the DNS entry of the main, NOT the ISP one. Otherwise, how does it recognize the DNS in different servers? You have to make sure both firewalls are talking on the same page (DNS), don't you?

K
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702474
It's better to have both main and ISP DNSs as primary and secondary DNS. Primary should be main and ISP is sec.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22702492
Here's the situation...
Main (PRO 2040): Uses the DNS from ISP - 62.xxx.xxx.xxx
Remote 1 (TZ170): Uses the DNS from ISP - 194.xxx.xxx.xxx * This setup works fine
Remote 2 (TZ180): Now configured to use local (Main) DNS - 10.0.0.xxx
Remote 2 now works but I don't understand why when remote 1 is different and still works.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702676
Must be some blind luck here :P

But it should not work on R 1, indeed. Unless in R 1, there is somewhere in your configuration a pointer from ISP to local DNS... or there may be a secondary DNS set somewhere. I can't be convinced until I have a touch on your VPN. 194.xxx... looks like an internal IP, to me. Are you sure it's a public IP? The network 62.xxx... looks more like a public one.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22702739
194.xxx I think is a BT DNS server.
As main and R1 are working OK I shall leave them as they are. I'll configure R2 to use local DNS plus put the ISP DNS in as a second DNS.
All is working now so thanks for all your help!
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702746
Plus, you have different versions of firewall on R1 and R2 so it's hard to know without taking a close look. I'll show you the trick. Go into the firewall under the support section and export your configuration and compare between the two. You will see all the hidden things.

K
0
 
LVL 3

Author Closing Comment

by:James Cook
ID: 31504947
Thanks once again for all your help! Much appreciated!
J
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702758
You can close this question and award points.

K
0
