Solved

Sonicwall TZ-100 - Site to site VPN connections

Posted on 2010-09-01
Last Modified: 2012-08-14
Hi,

I want to configure a site to site VPN with two Sonicwall TZ-100 firewall devices.  Site 2 needs to connect to a server located in Site 1.

Site 1 has a domain controller and a DNS server. Site 2 has no DNS server and is a peer-to-peer network.

The server in site 1 is not represented by a public IP address, nor does it have an A record registered in a zone file. In fact, the company does not even own its own domain name.

I would therefore like to register an A record in Site 2 within the SonicWall TZ-100 device since it is the DNS server. Is there a way to accomplish this since the server in Site 1 is not registered with any public IP address?

Since there is no local DNS server in site 2, the only solution I see is to modify the local hosts file on each computer in site 2. There are less than 10 computers in site 2.

Does anyone know of a better way to access server 1 in site 1 from the computers in site 2? Configuring a DNS server in site 2 is not an option.

Thanks,

Mark
Question by:mbudman
8 Comments
 
LVL 3

Accepted Solution

by:
robdcoy earned 250 total points
ID: 33583510
What I have done in the past with things like this is to make the primary DNS in site 2, the DNS server at site 1.  You can always make the secondary DNS a public DNS.  The overhead for a DNS lookup across a VPN is very small and you should be okay.  I hope that I understood your question correctly.  Let me know.
 
LVL 3

Expert Comment

by:robdcoy
ID: 33583526
To clarify, sorry, I'm a little tired.  Set this up in the DHCP scope on the Sonicwall at site 2.

i.e.:

IP Range:  192.168.2.0
Subnet Mask:  255.255.255.0
Gateway:  (IP of Sonicwall)  -  192.168.2.1
DNS1:  Site 1 DNS  -  192.168.1.10
DNS2:  Public DNS, ie AT&T, Comcast, Cox, Nuvox, Level 3, etc
 
LVL 33

Expert Comment

by:digitap
ID: 33583577
The only problem with an internal DNS resolving over the VPN is it will more than likely time out and fail over to the public DNS.  Obviously, this will affect resolving to the server from site 2 to site 1.  Since your site 2 is a decentralized network, your only option is to modify the hosts file.  With only 10 computers, that's not a real issue.

So, I understand that Site 1 doesn't have a public IP on the WAN interface of the Sonicwall, right?  Does Site 2 have a static IP on the WAN interface of the Sonicwall?  To establish a VPN, at least one Sonicwall needs to have a static IP.  In that configuration, you'll set up a VPN in aggressive mode...I'm sure you knew all that already.
 
LVL 1

Author Comment

by:mbudman
ID: 33585446
Hi,

Thank you for all your responses.

Both Site 1 and Site 2 have ISP-assigned static public IP addresses. What I meant was that the company (customer who has this network) has not purchased and not registered a domain. Hence, there are no statically defined public IP addresses defined as A records in a zone file (which does not exist) to reference computers in Site 1 from Site 2.

If I had a DNS server in site 2, I would manually add A records within DNS. Unfortunately, the client cannot afford the extra equipment to configure and set up a local DNS server and / or Domain controller in site.

As for the SonicWall device, apparently it caches NetBIOS names, so the remote server can be accessed based on its NetBIOS name from site 2 to site 1.

I do like the suggestion of setting the primary DNS in site 2 to the DNS server in Site 1. That might work, or I will just try modifying the hosts file.

Thanks,

Mark

 
LVL 3

Expert Comment

by:robdcoy
ID: 33585978
The DNS timeout would have to be greater than 15 seconds.  I think that is the default timeout for most Windows boxes, but if you had timeouts, I think you would have bigger problems than just DNS issues.

I think you would be okay with 5-10 clients maybe 15 like this depending on the size of your WAN and VPN.
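The accepted answer (site-2 DHCP scope handing out the site-1 DNS server as primary and a public resolver as secondary) and digitap's caveat that lookups over the VPN may time out and fail over to the public DNS can be checked from a site-2 PC with the following added example, which is not code from this thread: a stdlib-only Python probe that sends one A query to a chosen server with a short timeout and reports the RCODE, the answers and the elapsed time. The addresses 192.168.1.10 and 8.8.8.8 and the name server1.site1.local used in the usage note are assumptions; a public resolver will not answer an internal-only name, which is why a failover to the secondary breaks resolution of the site-1 server.

```python
import socket
import struct
import time

def build_query(name, txid=0x1234):
    # 12-byte header: id, flags (RD set), QDCOUNT=1; then QNAME, QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [part.encode() for part in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def _skip_name(buf, pos):
    # Step over a name; a 0xC0 compression pointer is 2 bytes and ends the name
    while True:
        length = buf[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + length

def parse_a_records(resp):
    # Returns (RCODE, [IPv4 strings]); RCODE 0 = NOERROR, 3 = NXDOMAIN
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    pos = 12
    for _ in range(qdcount):             # skip the echoed question section
        pos = _skip_name(resp, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:    # TYPE A, 4-byte RDATA
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def probe(server, name, timeout=2.0):
    # One UDP query; returns (None, [], secs) on timeout, the case that triggers failover
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
            rcode, addrs = parse_a_records(data)
            return rcode, addrs, time.monotonic() - start
        except socket.timeout:
            return None, [], time.monotonic() - start
```

Run `for srv in ("192.168.1.10", "8.8.8.8"): print(srv, probe(srv, "server1.site1.local"))` from a site-2 machine: a slow or `None` result from the site-1 server shows the VPN lookup path is marginal, and an RCODE of 3 from the public server shows what clients would get after failing over.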
 
LVL 32

Assisted Solution

by:nappy_d
nappy_d earned 250 total points
ID: 33586864
Does site one have an internal DNS server? If it does, I see no problem using this server on site2's computers.

If site1 is an AD domain and you will have site2 participate in this domain then this is fine.

I use this in some sites I manage and I have not had any latency issues with site to site VPN and DNS.

Also, if you had an old PC kicking around, you could simply dump Linux on it and set up an open-source DNS solution at either site.
 
LVL 33

Expert Comment

by:digitap
ID: 33588343
You may set the primary DNS as you desire...just be aware of the caveats.  I'm glad it has worked for others here...based on my experience, I've had challenges with it.
 
LVL 1

Author Closing Comment

by:mbudman
ID: 33589363
Thanks for the assistance.

Cheers,

Mark