?
Solved

SonicWall Global VPN Client and Windows DHCP Server

Posted on 2010-11-08
8
Medium Priority
?
1,442 Views
Last Modified: 2012-05-10
We have a SonicWall TZ 170 with DHCP turned off.  I have 2 laptops with near-identical configuration: Windows 7, Windows Firewall off, both with Global VPN Client 4.2.6.0305, both connecting to the same Wireless Access Point (Public IP sitting outside SonicWall), same adapter and client settings, same VPN Policy.  One computer can receive an IP address from our Windows Server via DHCP (NOMAD), one cannot (TOSHLAP-WIN7).  Here's a dump of the logs during each computer's DHCP requests:


31:10.5      DHCP lease relayed to remote device      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=192.168.0.121, HostName: NOMAD tunnel=GroupVPN
31:10.5      ICMP packet from LAN allowed      192.168.0.10, 512, LAN, aptdomain.internal.appliedperformance.com      192.168.0.121, 8, WAN      ICMP Ping, Code: 0
31:10.5      DHCP REQUEST received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=192.168.0.121, HostName: NOMAD tunnel=GroupVPN
31:10.5      DHCP OFFER received from server      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=0.0.0.0, HostName: NOMAD tunnel=GroupVPN
31:09.1      DHCP DISCOVER received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=0.0.0.0, HostName: NOMAD tunnel=GroupVPN
                        
                        
35:03.9      DHCP OFFER received from server      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN
35:03.9      DHCP DISCOVER received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN
35:02.0      DHCP OFFER received from server      192.168.0.10, 67, LAN, aptdomain.internal.appliedperformance.com      192.168.0.100, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN
35:00.9      DHCP DISCOVER received from remote device      0.0.0.0, 68, WAN      255.255.255.255, 67, LAN      IP=0.0.0.0, HostName: TOSHLAP-WIN7 tunnel=GroupVPN

SonicWall's IP: 192.168.0.100
DHCP Server: 192.168.0.10

Without knowing the fine details to DHCP handshaking, I noticed the one that fails never receives a DHCP REQUEST from the server for some reason.  Any ideas why?
0
Comment
Question by:Wade_Chestnut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 1

Expert Comment

by:ziaic1
ID: 34088657
Sniff on Toshlap and see if the offer ever makes it from the DHCP server back to the client.
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 34088876
something you might want to consider, have the sonicwall handle DHCP for your GVC users.  i've had challenges with DHCP management from Windows servers for GVC users.  since i was already using the WLAN zone to hand out IP to wireless hosts, i merely configured DHCP over VPN to use the WLAN DHCP server to hand out IP to GVC users.

what do you think of that?
0
 

Author Comment

by:Wade_Chestnut
ID: 34094359
Unfortunately, that's what I think we're going to have to do.  I've done some initial testing with the SonicWALL's DHCP server and it works pretty good.  I don't like having to de-centralize a service, but we have to go with what works.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 33

Expert Comment

by:digitap
ID: 34094427
yes.  those were my sentiments.  although, i just thought of something else.  what version of DHCP server you are using.  i realized that conflict detection is set to 0 by default.  you might consider increasing that and see if that resolves your IP allocation issue.

i'm running Windows 2008 DHCP.  Start > Run > dhcpmgmt.msc and press enter.  expand the dhcp server and right-click IPV4 then click Properties.  Go to the Advanced tab and you'll see conflict detection.  it should be set to 0.

if this works, you won't have to decentralize your DHCP service.  let me know one way or the other.
0
 

Author Comment

by:Wade_Chestnut
ID: 34095143
Most of our servers are still 2003.  The main DHCP server had 1 set for Conflict Detection Attempts.

You mentioned it should be set to 0 but also increasing it to see if it resolves the issue?
0
 
LVL 33

Expert Comment

by:digitap
ID: 34095167
no...the default is 0 and setting it higher might resolve your DHCP assignment issue within Windows.

either way, doesn't sound like that's the issue here.
0
 

Author Comment

by:Wade_Chestnut
ID: 34095229
Yeah, I appreciate your suggestion but I think we'll just live with the second DHCP server and document it.  Thanks, again!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34095313
You bet!  Also, thanks for the points!
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question