
Sonicwall TZ-100 - Site to site VPN connections

Posted on 2010-09-01
Last Modified: 2012-08-14
Hi,

I want to configure a site to site VPN with two Sonicwall TZ-100 firewall devices.  Site 2 needs to connect to a server located in Site 1.

Site 1 has a domain controller and a DNS server. Site 2 has no DNS server and is peer to peer network.

The server in site 1 is not represented by a public IP address, nor does it have an A record registered in a zone file. In fact, the company does not even own its own domain name.

I would therefore like to register an A record in Site 2 within the sonic wall TZ-100 device since it is the DNS server. Is there a way to accomplish this since the server in Site one is not registered with any public ip address?

Since there is no local DNS server in site 2, the only solution I see is to modify the local hosts file on each computer in site 2. There are less than 10 computers in site 2.

Does anyone know of a better way to access server 1 in site 1 from the computers in site 2? Configuring a DNS server in site 2 is not an option.

Thanks,

Mark
Question by:mbudman
8 Comments
 
LVL 3

Accepted Solution

by:
robdcoy earned 1000 total points
ID: 33583510
What I have done in the past with things like this is to make the primary DNS in site 2, the DNS server at site 1.  You can always make the secondary DNS a public DNS.  The overhead for a DNS lookup across a VPN is very small and you should be okay.  I hope that I understood your question correctly.  Let me know.
0
 
LVL 3

Expert Comment

by:robdcoy
ID: 33583526
To clarify, sorry, I'm a little tired.  Set this up in the DHCP scope on the Sonicwall at site 2.

IE:

IP Range:  192.168.2.0
Subnet Mask:  255.255.255.0
Gateway:  (IP of Sonicwall)  -  192.168.2.1
DNS1:  Site 1 DNS  -  192.168.1.10
DNS2:  Public DNS, ie AT&T, Comcast, Cox, Nuvox, Level 3, etc
0
 
LVL 33

Expert Comment

by:digitap
ID: 33583577
The only problem with an internal DNS resolving over the VPN is it will more than likely time out and fail over to the public DNS.  Obviously, this will affect resolving to the server from site 2 to site 1.  Since your site 2 is a decentralized network, your only option is to modify the hosts file.  With only 10 computers, that's not a real issue. So, I understand that Site 1 doesn't have a public IP on the WAN interface of the Sonicwall, right?  Does Site 2 have a static IP on the WAN interface of the sonicwall?  To establish a VPN, at least one Sonicwall needs to have a static IP.  In that configuration, you'll set up a VPN in aggressive mode...I'm sure you knew all that already.
0
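
Added example, not part of any post in this thread: one way to apply the hosts-file option on each Site 2 computer so that the server's name never depends on a lookup across the VPN or on the public secondary DNS. The host name `site1-server` and the address `192.168.1.20` are hypothetical placeholders; substitute the real server name and its LAN address at Site 1.

```powershell
# Added example: pin the Site 1 server's name in this PC's hosts file.
# Run from an elevated PowerShell prompt on each Site 2 computer.
param(
    [string]$HostName  = 'site1-server',   # hypothetical name, not from the thread
    [string]$IpAddress = '192.168.1.20',   # hypothetical LAN address of the server
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# Reject a malformed address before touching the file.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($IpAddress, [ref]$parsed)) {
    throw "Not a valid IP address: $IpAddress"
}

$kept = New-Object 'System.Collections.Generic.List[string]'
foreach ($line in @(Get-Content -LiteralPath $HostsPath)) {
    # Separate "address name [alias ...]" from any trailing comment.
    $body   = ($line -split '#', 2)[0].Trim()
    $tokens = @($body -split '\s+' | Where-Object { $_ })
    if ($tokens.Count -ge 2 -and ($tokens[1..($tokens.Count - 1)] -contains $HostName)) {
        # Remove only our name so a stale address cannot win; keep other aliases.
        $others = @($tokens[1..($tokens.Count - 1)] | Where-Object { $_ -ne $HostName })
        if ($others.Count -gt 0) { $kept.Add("$($tokens[0])`t$($others -join ' ')") }
        continue
    }
    $kept.Add($line)
}
$kept.Add("$IpAddress`t$HostName")

# Keep a backup, then write the file back.
Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
Set-Content -LiteralPath $HostsPath -Value $kept -Encoding ASCII

# Confirm the resolver now returns the pinned address (hosts entries are
# answered locally, without querying DNS1 or DNS2).
$resolved = @([System.Net.Dns]::GetHostAddresses($HostName) |
    ForEach-Object { $_.IPAddressToString })
if ($resolved -notcontains $parsed.IPAddressToString) {
    throw "$HostName resolves to '$($resolved -join ', ')', expected $IpAddress"
}
"$HostName -> $($resolved -join ', ')"
```

Running it a second time leaves a single entry for the name, so it can be re-run safely if the server's address changes.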
 
LVL 1

Author Comment

by:mbudman
ID: 33585446
Hi,

Thank you for all your responses.

Both Site 1 and Site 2 have ISP assigned static Public IP addresses. What I meant was that the company (customer who has this network) has not purchased and not registered a domain. Hence, there are no statically defined public IP addresses defined as A records in a zone file (which does not exist) to reference computers in Site 1 from Site 2.

If I had a DNS server in site 2, I would manually add A records within DNS. Unfortunately, the client cannot afford the extra equipment to configure and set up a local DNS server and / or Domain controller in site.

As for the Sonic wall device, apparently it caches NetBIOS names, so the remote server can be accessed based on its NetBIOS name from site 2 to site 1.

I do like the suggestion of setting the primary DNS in site 2 the DNS server in Site 1. That might work or I will just try modifying the host file.

Thanks,

Mark

0
 
LVL 3

Expert Comment

by:robdcoy
ID: 33585978
The DNS timeout would have to be greater than 15 seconds.  I think that is the default timeout for most Windows boxes, but if you had timeouts, I think you would have bigger problems than just DNS issues.

I think you would be okay with 5-10 clients maybe 15 like this depending on the size of your WAN and VPN.
0
 
LVL 32

Assisted Solution

by:nappy_d
nappy_d earned 1000 total points
ID: 33586864
Does site one have an internal DNS server? If it does, I see no problem using this server on site2's computers.

If site1 is an AD domain and you will have site2 participate in this domain then this is fine.

I use this in some sites I manage and I have not had any latency issues with site to site VPN and DNS.

Also, if you had an old PC kicking around, you could simply dump Linux on it and set up an open-source DNS solution at either site.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33588343
You may set the primary DNS as you desire...just be aware of the caveats.  I'm glad it has worked for others here...based on my experience, I've had challenges with it.
0
 
LVL 1

Author Closing Comment

by:mbudman
ID: 33589363
Thanks for the assistance.

Cheers,

Mark
0
