Sonicwall TZ-100 - Site to site VPN connections

Posted on 2010-09-01
Last Modified: 2012-08-14

I want to configure a site to site VPN with two Sonicwall TZ-100 firewall devices.  Site 2 needs to connect to a server located in Site 1.

Site 1 has a domain controller and a DNS server. Site 2 has no DNS server and is peer to peer network.

The server in site 1 is not represented by a public ip address, nor does it have an A record registered in a zone file. In fact, the company does not even own its own domain name.

I would therefore like to register an A record in Site 2 within the sonic wall TZ-100 device since it is the DNS server. Is there a way to accomplish this since the server in Site one is not registered with any public ip address?

Since there is no local DNS server in site 2, the only solution I see is to modify the local hosts file on each computer in site 2. There are less than 10 computers in site 2.

Does anyone know of a better way to access server 1 in site 1 from the computers in site 2? Configuring a DNS server in site 2 is not an option.


Question by:mbudman

Accepted Solution

robdcoy earned 250 total points
ID: 33583510
What I have done in the past with things like this is to make the primary DNS in site 2, the DNS server at site 1.  You can always make the secondary DNS a public DNS.  The overhead for a DNS lookup across a VPN is very small and you should be okay.  I hope that I understood your question correctly.  Let me know.

Expert Comment

ID: 33583526
To clarify, sorry, I'm a little tired.  Set this up in the DHCP scope on the Sonicwall at site 2.


IP Range:
Subnet Mask:
Gateway:  (IP of Sonicwall)  -
DNS1:  Site 1 DNS  -
DNS2:  Public DNS, ie AT&T, Comcast, Cox, Nuvox, Level 3, etc

Expert Comment

ID: 33583577
The only problem with an internal DNS resolving over the VPN is it will more than likely time out and fail over to the public DNS.  Obviously, this will affect resolving to the server from site 2 to site 1.  Since your site 2 is a decentralized network, your only option is to modify the hosts file.  With only 10 computers, that's not a real issue. So, I understand that Site 1 doesn't have a public IP on the WAN interface of the Sonicwall, right?  Does Site 2 have a static IP on the WAN interface of the Sonicwall?  To establish a VPN, at least one Sonicwall needs to have a static IP.  In that configuration, you'll set up a VPN in aggressive mode...I'm sure you knew all that already.

Author Comment

ID: 33585446

Thank you for all your responses.

Both Site 1 and Site 2 have ISP assigned static Public IP addresses. What I meant was that the company (customer who has this network) has not purchased and not registered a domain. Hence, there are no statically defined public ip addresses defined as A records in a zone file (which does not exist) to reference computers in Site 1 from Site 2.

If I had a DNS server in site 2, I would manually add A records within DNS. Unfortunately, the client cannot afford the extra equipment to configure and set up a local DNS server and / or Domain controller in site.

As for the Sonic wall device, apparently it caches netbios names, so the remote server can be accessed based on its Netbios name from site 2 to site 1.

I do like the suggestion of setting the primary DNS in site 2 the DNS server in Site 1. That might work or I will just try modifying the host file.




Expert Comment

ID: 33585978
The DNS timeout would have to be greater than 15 seconds.  I think that is the default timeout for most Windows boxes, but if you had timeouts, I think you would have bigger problems than just DNS issues.

I think you would be okay with 5-10 clients maybe 15 like this depending on the size of your WAN and VPN.

Assisted Solution

nappy_d earned 250 total points
ID: 33586864
Does site one have an internal DNS server? If it does, I see no problem using this server on site2's computers.

If site1 is an AD domain and you will have site2 participate in this domain then this is fine.

I use this in some sites I manage and I have not had any latency issues with site to site vpn and DNS.

Also, if you had an old PC kicking around, you could simply dump Linux on it and set up an open-source DNS solution at either site.

Expert Comment

ID: 33588343
You may set the primary DNS as you desire...just be aware of the caveats.  I'm glad it has worked for others here...based on my experience, I've had challenges with it.

Author Closing Comment

ID: 33589363
Thanks for the assistance.
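
Added example, not part of any post in this thread: the replies disagree on whether lookups sent to the Site 1 DNS server across the VPN answer in time or time out and fall through to the secondary public DNS. This Python probe sends one A query straight to a chosen server and reports elapsed time, response code and addresses; the host name `server1.site1.example`, the address `10.0.1.10` and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

def build_query(name, txid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Step over a possibly compressed domain name; return the next offset."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_response(msg, txid=0x1234):
    """Return (rcode, [IPv4 addresses]) from a DNS reply."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def probe(server, name, timeout=2.0, port=53):
    """Query `server` directly; return (seconds, rcode, addrs), rcode None if no usable reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name), (server, port))
            rcode, addrs = parse_response(s.recvfrom(512)[0])
        except (OSError, ValueError, struct.error, IndexError):  # timeout, unreachable, malformed
            return time.monotonic() - start, None, []
        return time.monotonic() - start, rcode, addrs

# Constructed sample reply: the question echoed back with QR/RD/RA set and one A record.
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                + build_query("server1.site1.example")[12:]
                + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton("10.0.1.10"))
```

Run from a Site 2 PC, `probe("<Site 1 DNS IP>", "<server name>")` shows how long the tunnel adds to a lookup; an rcode of `None` means no answer arrived within the timeout, which is the case where a client would move on to its secondary resolver.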


