Solved

Sonicwall TZ-100 - Site to site VPN connections

Posted on 2010-09-01
Last Modified: 2012-08-14
Hi,

I want to configure a site to site VPN with two Sonicwall TZ-100 firewall devices.  Site 2 needs to connect to a server located in Site 1.

Site 1 has a domain controller and a DNS server. Site 2 has no DNS server and is a peer-to-peer network.

The server in site 1 is not represented by a public IP address, nor does it have an A record registered in a zone file. In fact, the company does not even own its own domain name.

I would therefore like to register an A record in Site 2 within the SonicWall TZ-100 device since it is the DNS server. Is there a way to accomplish this since the server in Site 1 is not registered with any public IP address?

Since there is no local DNS server in site 2, the only solution I see is to modify the local hosts file on each computer in site 2. There are less than 10 computers in site 2.

Does anyone know of a better way to access server 1 in site 1 from the computers in site 2? Configuring a DNS server in site 2 is not an option.

Thanks,

Mark
Question by:mbudman
8 Comments
 
LVL 3

Accepted Solution

by:
robdcoy earned 1000 total points
ID: 33583510
What I have done in the past with things like this is to make the primary DNS in site 2, the DNS server at site 1.  You can always make the secondary DNS a public DNS.  The overhead for a DNS lookup across a VPN is very small and you should be okay.  I hope that I understood your question correctly.  Let me know.
0
 
LVL 3

Expert Comment

by:robdcoy
ID: 33583526
To clarify, sorry, I'm a little tired.  Set this up in the DHCP scope on the SonicWall at site 2.

I.e.:

IP Range:  192.168.2.0
Subnet Mask:  255.255.255.0
Gateway:  (IP of Sonicwall)  -  192.168.2.1
DNS1:  Site 1 DNS  -  192.168.1.10
DNS2:  Public DNS, ie AT&T, Comcast, Cox, Nuvox, Level 3, etc
0
 
LVL 33

Expert Comment

by:digitap
ID: 33583577
The only problem with an internal DNS resolving over the VPN is it will more than likely time out and fail over to the public DNS.  Obviously, this will affect resolving to the server from site 2 to site 1.  Since your site 2 is a decentralized network, your only option is to modify the hosts file.  With only 10 computers, that's not a real issue.

So, I understand that Site 1 doesn't have a public IP on the WAN interface of the SonicWall, right?  Does Site 2 have a static IP on the WAN interface of the SonicWall?  To establish a VPN, at least one SonicWall needs to have a static IP.  In that configuration, you'll set up a VPN in aggressive mode...I'm sure you knew all that already.
0
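The two behaviours discussed above (robdcoy's DHCP scope with the site-1 DNS server first and a public resolver second, and digitap's caveat that a timed-out VPN lookup fails over to the public server) can be seen end to end with a minimal stub resolver. The following is an added example, not code from the thread or from SonicWall: it builds and parses real RFC 1035 A-record queries and tries the servers in order the way a stub resolver does. The site-1 DNS address is taken from the DHCP example above; the internal hostname, its private address, the public resolver address and the in-process fake transport that stands in for the VPN are constructed for the demonstration.

```python
import random
import socket
import struct

SITE1_DNS = "192.168.1.10"            # site-1 DNS from robdcoy's DHCP scope
PUBLIC_DNS = "8.8.8.8"                # assumption: any ISP/public resolver behaves the same
INTERNAL_NAME = "server1.site1.local" # constructed: the thread names no host
INTERNAL_IP = "192.168.1.20"          # constructed private address of the site-1 server


def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid):
    """A-record query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query, ip=None, rcode=0):
    """Answer `query`: one A record when `ip` is given, else an empty answer with `rcode`."""
    (txid,) = struct.unpack("!H", query[:2])
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if ip else 0, 0, 0)
    answer = b""
    if ip:
        # owner name is a compression pointer to offset 12 (the question's QNAME)
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer


def skip_name(data, offset):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data, txid):
    """Return (rcode, [A-record IPs]); reject replies whose ID does not match ours."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch (possible spoofed reply)")
    offset = 12
    for _ in range(qd):
        offset = skip_name(data, offset) + 4      # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        offset = skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return flags & 0x000F, ips


def udp_transport(packet, server, timeout):
    """Real transport: one UDP datagram to port 53 on `server`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recv(512)


def resolve(name, servers, transport=udp_transport, timeout=2.0):
    """Try `servers` in order like a stub resolver: a timeout moves on to the next
    server, but any definite answer, including NXDOMAIN, is final.
    Returns (server_that_answered, rcode, ips)."""
    for server in servers:
        txid = random.randint(0, 0xFFFF)
        try:
            data = transport(build_query(name, txid), server, timeout)
        except socket.timeout:
            continue
        rcode, ips = parse_response(data, txid)
        return server, rcode, ips
    return None, None, []


def fake_transport(vpn_up):
    """Constructed stand-in for the network: the site-1 server knows the internal
    name, the public resolver does not, and with the VPN down site 1 never answers."""
    def send(packet, server, timeout):
        if server == SITE1_DNS:
            if not vpn_up:
                raise socket.timeout()
            return build_response(packet, ip=INTERNAL_IP)
        return build_response(packet, rcode=3)   # NXDOMAIN from the public resolver
    return send


def lookup_over_vpn(vpn_up):
    return resolve(INTERNAL_NAME, [SITE1_DNS, PUBLIC_DNS], transport=fake_transport(vpn_up))


if __name__ == "__main__":
    print("VPN up:  ", lookup_over_vpn(True))
    print("VPN down:", lookup_over_vpn(False))
```

With the tunnel up the site-1 server answers and the client gets the private address; with the tunnel down (or slow enough to exceed the client timeout) the public resolver answers NXDOMAIN, which the client treats as a definite "no such host" rather than retrying site 1. That is the failure mode digitap describes, and it is why the secondary server does not help for internal names. The transaction-ID check in `parse_response` is the minimum a UDP stub resolver should do before trusting a reply.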
 
LVL 1

Author Comment

by:mbudman
ID: 33585446
Hi,

Thank you for all your responses.

Both Site 1 and Site 2 have ISP-assigned static public IP addresses. What I meant was that the company (customer who has this network) has not purchased and not registered a domain. Hence, there are no statically defined public IP addresses defined as A records in a zone file (which does not exist) to reference computers in Site 1 from Site 2.

If I had a DNS server in site 2, I would manually add A records within DNS. Unfortunately, the client cannot afford the extra equipment to configure and set up a local DNS server and/or domain controller in site.

As for the SonicWall device, apparently it caches NetBIOS names, so the remote server can be accessed based on its NetBIOS name from site 2 to site 1.

I do like the suggestion of setting the primary DNS in site 2 to the DNS server in Site 1. That might work, or I will just try modifying the hosts file.

Thanks,

Mark

0
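The hosts-file route mentioned in the question and in the comment above is easy to get wrong on repeat runs (duplicate lines, stale addresses left behind). The following added example, not from the thread, is a Python routine that merges a set of site-1 name/IP entries into an existing hosts file idempotently: a managed name already present is re-pointed to the new address, everything else (comments, other entries) is kept as-is, and running it twice yields the same file. The sample file contents, hostnames and addresses are constructed.

```python
# Constructed sample: the hosts file on a site-2 PC, with a stale entry for the
# site-1 server left over from an earlier re-addressing.
EXISTING_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
192.168.1.99\tserver1   # old address
"""

# Constructed entries: hostname -> site-1 private IP (the thread gives no real ones)
SITE1_ENTRIES = {"server1": "192.168.1.20", "dc1": "192.168.1.10"}


def merge_hosts(text, entries):
    """Return hosts-file text with `entries` applied.

    Any line that maps one of the managed names is stripped of that name (and
    dropped entirely if nothing else was on it); the canonical lines for the
    managed names are then appended, so stale addresses cannot survive."""
    managed = {name.lower() for name in entries}
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()     # ignore trailing comments
        if fields:
            ip, names = fields[0], fields[1:]
            if any(n.lower() in managed for n in names):
                rest = [n for n in names if n.lower() not in managed]
                if not rest:
                    continue                       # whole line was stale: drop it
                line = ip + "\t" + " ".join(rest)  # keep the unmanaged aliases
        out.append(line)
    for name, ip in entries.items():
        out.append(f"{ip}\t{name}")
    return "\n".join(out) + "\n"


def merged_sample():
    return merge_hosts(EXISTING_HOSTS, SITE1_ENTRIES)


if __name__ == "__main__":
    print(merged_sample())
```

On each site-2 machine the result is written to %SystemRoot%\System32\drivers\etc\hosts from an elevated prompt; because the merge is idempotent the same script can be re-run whenever a site-1 address changes, without accumulating old entries.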
 
LVL 3

Expert Comment

by:robdcoy
ID: 33585978
The DNS timeout would have to be greater than 15 seconds.  I think that is the default timeout for most Windows boxes, but if you had timeouts, I think you would have bigger problems than just DNS issues.

I think you would be okay with 5-10 clients maybe 15 like this depending on the size of your WAN and VPN.
0
 
LVL 32

Assisted Solution

by:nappy_d
nappy_d earned 1000 total points
ID: 33586864
Does site one have an internal DNS server? If it does, I see no problem using this server on site2's computers.

If site1 is an AD domain and you will have site2 participate in this domain then this is fine.

I use this in some sites I manage and I have not had any latency issues with site-to-site VPN and DNS.

Also, if you had an old PC kicking around, you could simply put Linux on it and set up an open-source DNS solution at either site.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33588343
You may set the primary DNS as you desire...just be aware of the caveats.  I'm glad it has worked for others here...based on my experience, I've had challenges with it.
0
 
LVL 1

Author Closing Comment

by:mbudman
ID: 33589363
Thanks for the assistance.

Cheers,

Mark
0
