mbudman (Canada) asked:
Sonicwall TZ-100 - Site to site VPN connections

Hi,

I want to configure a site to site VPN with two Sonicwall TZ-100 firewall devices.  Site 2 needs to connect to a server located in Site 1.

Site 1 has a domain controller and a DNS server. Site 2 has no DNS server and is a peer-to-peer network.

The server in Site 1 is not represented by a public IP address, nor does it have an A record registered in a zone file. In fact, the company does not even own its own domain name.

I would therefore like to register an A record in Site 2 within the SonicWall TZ-100 device, since it is the DNS server. Is there a way to accomplish this, since the server in Site 1 is not registered with any public IP address?

Since there is no local DNS server in Site 2, the only solution I see is to modify the local hosts file on each computer in Site 2. There are fewer than 10 computers in Site 2.

Does anyone know of a better way to access the server in Site 1 from the computers in Site 2? Configuring a DNS server in Site 2 is not an option.

Thanks,

Mark
ASKER CERTIFIED SOLUTION
robdcoy (United States of America):
To clarify, sorry, I'm a little tired.  Set this up in the DHCP scope on the Sonicwall at site 2.

i.e.:

IP Range:  192.168.2.0
Subnet Mask:  255.255.255.0
Gateway:  (IP of Sonicwall)  -  192.168.2.1
DNS1:  Site 1 DNS  -  192.168.1.10
DNS2:  Public DNS, ie AT&T, Comcast, Cox, Nuvox, Level 3, etc
The only problem with an internal DNS resolving over the VPN is that it will more than likely time out and fail over to the public DNS. Obviously, this will affect resolving the server from Site 2 to Site 1. Since your Site 2 is a decentralized network, your only option is to modify the hosts file. With only 10 computers, that's not a real issue.

So, I understand that Site 1 doesn't have a public IP on the WAN interface of the Sonicwall, right? Does Site 2 have a static IP on the WAN interface of the Sonicwall? To establish a VPN, at least one Sonicwall needs to have a static IP. In that configuration, you'll set up a VPN in aggressive mode... I'm sure you knew all that already.
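As an added example (not code from the thread or from SonicWall), here is a small Python helper for the hosts-file workaround robdcoy recommends above: it adds or replaces exactly one mapping per hostname so that a stale address left behind from an earlier edit cannot shadow the new one. The hostname `fileserver` and address `192.168.1.20` are assumed placeholders for the Site 1 server.

```python
"""Hosts-file workaround for a site that has no DNS server.

Constructed example: the hostname 'fileserver' and the address
192.168.1.20 are placeholders for the Site 1 server, not values
taken from this thread.
"""
import ipaddress
from pathlib import Path
from typing import Optional

# Where Windows keeps the file; Linux and macOS use /etc/hosts instead.
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")
MANAGED_TAG = "# managed: site1-vpn"  # marks the lines this helper owns


def upsert_hosts_entry(content: str, ip: str, hostname: str) -> str:
    """Return hosts text with exactly one active line mapping hostname -> ip.

    Any uncommented line that already names the host (case-insensitive)
    is dropped first, so a stale address cannot shadow the new one.
    Comments and unrelated entries are kept untouched.
    """
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    kept = []
    for line in content.splitlines():
        fields = line.split("#", 1)[0].split()  # IP, then one or more names
        if len(fields) >= 2 and hostname.lower() in (n.lower() for n in fields[1:]):
            continue  # stale mapping for this name: remove it
        kept.append(line)
    kept.append(f"{ip}\t{hostname}\t{MANAGED_TAG}")
    return "\n".join(kept) + "\n"


def resolve_from_hosts(content: str, hostname: str) -> Optional[str]:
    """Return the address the resolver would pick (first matching line)."""
    for line in content.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and hostname.lower() in (n.lower() for n in fields[1:]):
            return fields[0]
    return None


def update_hosts_file(path: Path, ip: str, hostname: str) -> None:
    """Rewrite the hosts file in place (needs an elevated shell on Windows)."""
    original = path.read_text(encoding="utf-8") if path.exists() else ""
    path.write_text(upsert_hosts_entry(original, ip, hostname), encoding="utf-8")
```

Run `update_hosts_file(WINDOWS_HOSTS, "192.168.1.20", "fileserver")` from an elevated prompt on each Site 2 machine; running it again is a no-op, so it can be repeated safely whenever the Site 1 address changes.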
mbudman (asker):
Hi,

Thank you for all your responses.

Both Site 1 and Site 2 have ISP-assigned static public IP addresses. What I meant was that the company (the customer who has this network) has not purchased and registered a domain. Hence, there are no statically defined public IP addresses defined as A records in a zone file (which does not exist) to reference computers in Site 1 from Site 2.

If I had a DNS server in Site 2, I would manually add A records within DNS. Unfortunately, the client cannot afford the extra equipment to configure and set up a local DNS server and/or domain controller on site.

As for the SonicWall device, apparently it caches NetBIOS names, so the remote server can be accessed by its NetBIOS name from Site 2 to Site 1.

I do like the suggestion of setting the primary DNS in Site 2 to the DNS server in Site 1. That might work, or I will just try modifying the hosts file.

Thanks,

Mark

The DNS timeout would have to be greater than 15 seconds. I think that is the default timeout for most Windows boxes, but if you had timeouts, I think you would have bigger problems than just DNS issues.

I think you would be okay with 5-10 clients, maybe 15, like this, depending on the size of your WAN and VPN.
SOLUTION
Irwin W. (Canada):
You may set the primary DNS as you desire... just be aware of the caveats. I'm glad it has worked for others here; based on my experience, I've had challenges with it.
mbudman (asker):
Thanks for the assistance.

Cheers,

Mark