?
Solved

SonicWall Global VPN Client and Windows DHCP Server

Posted on 2010-11-08
8
Medium Priority
?
1,424 Views
Last Modified: 2012-05-10
We have a SonicWall TZ 170 with DHCP turned off.  I have 2 laptops with near-identical configuration: Windows 7, Windows Firewall off, both with Global VPN Client 4.2.6.0305, both connecting to the same Wireless Access Point (Public IP sitting outside SonicWall), same adapter and client settings, same VPN Policy.  One computer can receive an IP address from our Windows Server via DHCP (NOMAD), one cannot (TOSHLAP-WIN7).  Here's a dump of the logs during each computer's DHCP requests:


31:10.5      DHCP lease relayed to remote device      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=192.168.0.121, HostName: NOMAD tunnel=GroupVPN
31:10.5      ICMP packet from LAN allowed      192.168.0.10, 512, LAN, aptdomain.internal.appliedperformance.com      192.168.0.121, 8, WAN      ICMP Ping, Code: 0
31:10.5      DHCP REQUEST received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=192.168.0.121, HostName: NOMAD tunnel=GroupVPN
31:10.5      DHCP OFFER received from server      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=0.0.0.0, HostName: NOMAD tunnel=GroupVPN
31:09.1      DHCP DISCOVER received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=0.0.0.0, HostName: NOMAD tunnel=GroupVPN
                        
                        
35:03.9      DHCP OFFER received from server      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN
35:03.9      DHCP DISCOVER received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN
35:02.0      DHCP OFFER received from server      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN
35:00.9      DHCP DISCOVER received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN

SonicWall's IP: 192.168.0.100
DHCP Server: 192.168.0.10

Without knowing the fine details to DHCP handshaking, I noticed the one that fails never receives a DHCP REQUEST from the server for some reason.  Any ideas why?
0
Comment
Question by:Wade_Chestnut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 1

Expert Comment

by:ziaic1
ID: 34088657
Sniff on Toshlap and see if the offer ever makes it from the DHCP server back to the client.
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 34088876
something you might want to consider, have the sonicwall handle DHCP for your GVC users.  i've had challenges with DHCP management from Windows servers for GVC users.  since i was already using the WLAN zone to hand out IP to wireless hosts, i merely configured DHCP over VPN to use the WLAN DHCP server to hand out IP to GVC users.

what do you think of that?
0
 

Author Comment

by:Wade_Chestnut
ID: 34094359
Unfortunately, that's what I think we're going to have to do.  I've done some initial testing with the SonicWALL's DHCP server and it works pretty good.  I don't like having to de-centralize a service, but we have to go with what works.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 33

Expert Comment

by:digitap
ID: 34094427
yes.  those were my sentiments.  although, i just thought of something else.  what version of DHCP server you are using.  i realized that conflict detection is set to 0 by default.  you might consider increasing that and see if that resolves your IP allocation issue.

i'm running Windows 2008 DHCP.  Start > Run > dhcpmgmt.msc and press enter.  expand the dhcp server and right-click IPV4 then click Properties.  Go to the Advanced tab and you'll see conflict detection.  it should be set to 0.

if this works, you won't have to decentralize your DHCP service.  let me know one way or the other.
0
 

Author Comment

by:Wade_Chestnut
ID: 34095143
Most of our servers are still 2003.  The main DHCP server had 1 set for Conflict Detection Attempts.

You mentioned it should be set to 0 but also increasing it to see if it resolves the issue?
0
 
LVL 33

Expert Comment

by:digitap
ID: 34095167
no...the default is 0 and setting it higher might resolve your DHCP assignment issue within Windows.

either way, doesn't sound like that's the issue here.
0
 

Author Comment

by:Wade_Chestnut
ID: 34095229
Yeah, I appreciate your suggestion but I think we'll just live with the second DHCP server and document it.  Thanks, again!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34095313
You bet!  Also, thanks for the points!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question