Solved

Problem with site to site VPN using a SonicWall PRO 2040 to a SonicWall TZ180

Posted on 2008-10-10
Last Modified: 2012-08-14
I have a SonicWall PRO 2040 currently set up with a VPN tunnel to a remote network using a SonicWall TZ170.
This works absolutely fine; however, I am in the process of setting up another remote network using the slightly newer TZ180.

The problem I have is that I cannot access the main network from the new remote (TZ180).
The VPN tunnel is active and I can ping computers from the remote to the main network; I just can't access any files etc.

I have copied all the settings from the TZ170 to the TZ180 (except for the obvious: IP address, name etc.) and I still have no luck.
Is there something obvious I am missing? Do I need to add the details of the new network to any of our servers?
Question by:James Cook
 
LVL 26

Expert Comment

by:lnkevin
ID: 22687753
I have been through this before and solved it by setting up the DNS server value on the remote VPN location. Do you have a separate domain controller in the remote location? If not, use the DNS from your router.

If it still doesn't solve your problem, I suggest you call SonicWall. They are very good at getting their product connected. If you just purchased the new TZ180, you are still under warranty and should not be charged for anything. Just give them your SN and you can go from there.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22688007
One thing I failed to mention was that this is a test setup using one of our spare IP addresses. So they are both connected to the same router.
It makes sense that this could be a DNS issue as both firewalls are using the same DNS from the router.
Unfortunately I am unable to get to the remote site until next week so had to test it somehow. Do you think this could be the cause of the issue?
Also, another point to note is that when the tunnel is active I can ping the servers, just not access them.
Thanks
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22688657
Can you try to access your server with the IP address? Example: \\10.10.x.x\sharefile....
Can you terminal service to the server with the IP address?
What is the error message you get when attempting to access the server?

To me, it looks much like a DNS misconfiguration in the VPN firewall.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22700753
I've tried what you suggested, and yes, I can RDP to our terminal server with the local IP address.
I can also access the fileshare via the IP. I agree it must be a DNS issue. How would I resolve that?
Thanks
0
 
LVL 26

Accepted Solution

by:
lnkevin earned 2000 total points
ID: 22702154
Get into your firewall (both remote and main). Make sure you have the proper DNS server IP address set in the DNS section. This DNS entry should be your local DNS server. If the DNS server is also on the DC, your entry should be the DC IP address. If the task is hard for you, call SonicWall; they will walk you through the steps without any charges.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22702243
That worked! Thank you!
Just to confirm I have set it up correctly...
The remote site doesn't have a local DNS server; it is located at the main site, therefore I have used the local IP of the DNS server on the main network.
I thought the DNS had to be the DNS that was provided by the ISP. Is this not the case? Our other site2site (TZ170) doesn't use a local IP for DNS.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702414
If you want to map or browse from remote to main with a DNS entry, you have to use the DNS entry of the main, NOT the ISP one. Otherwise, how does it recognize the DNS in different servers? You have to make sure both firewalls are talking on the same page (DNS), don't you?

K
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702474
It's better to have both the main and ISP DNS servers as primary and secondary DNS. Primary should be main and ISP is secondary.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22702492
Here's the situation...
Main (PRO 2040): Uses the DNS from ISP - 62.xxx.xxx.xxx
Remote 1 (TZ170): Uses the DNS from ISP - 194.xxx.xxx.xxx * This setup works fine
Remote 2 (TZ180): Now configured to use local (Main) DNS - 10.0.0.xxx
Remote 2 now works but I don't understand why, when remote 1 is different and still works.
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702676
Must be some blind luck here :P

But it should not work on R 1, indeed. Unless in R 1 there is somewhere in your configuration a pointer from the ISP to the local DNS... or there may be a secondary DNS set somewhere. I can't be convinced until I have a touch on your VPN. 194.xxx... looks like an internal IP, to me. Are you sure it's a public IP? The network 62.xxx... looks more like a public one.

K
0
 
LVL 3

Author Comment

by:James Cook
ID: 22702739
194.xxx I think is a BT DNS server.
As main and R1 are working OK I shall leave them as they are. I'll configure R2 to use local DNS plus put the ISP DNS in as a second DNS.
All is working now so thanks for all your help!
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702746
Plus, you have different versions of the firewall on R1 and R2, so it's hard to know without taking a close look. I'll show you the trick. Go into the firewall under the support section, export your configuration and compare between the two. You will see all the hidden things.

K
0
 
LVL 3

Author Closing Comment

by:James Cook
ID: 31504947
Thanks once again for all your help! Much appreciated!
J
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 22702758
You can close this question and award points.

K
0
