dmanisit

Networking question on Sonicwall

Hi,
I have a SonicWall; its IP is 192.168.30.198. I configured the X2 port for 172.16.30.1 for a separate VLAN. I plugged the X2 into a new Cisco switch and have 2 servers currently plugged in to the Cisco. The servers are set to static IPs of 172.16.30.100 and 101. I set up the default gateway to 172.16.30.1, and the DNS servers (are also the DC's) are set to 192.1.1.205 and 192.1.1.164. The 192.168.30 network has no problems resolving by name to anything on the 192.1.1.xx network. However, the 172 network can ping by IP address but can't resolve by name at all. NSLOOKUP fails as well. I know I am missing something easy, but I just can't think of it.
lruiz52

You have to set up a policy allowing the 172.16.30.0/24 subnet out.
Check the link below on how to configure an access rule:

http://help.mysonicwall.com/sw/eng/405/ui2/23100/Firewall/Add_Rule.htm

For Internet access you just need to allow these ports OUT:

80 HTTP
53 DNS
443 HTTPS
Almost agreed with luiz52;

Check that DNS query resolution is allowed out. Also, if you are sure of the security of the DMZ, you could trust the DMZ to LAN connection. At a minimum, you could turn on the trust for DMZ to LAN to test and verify that is the problem.
dmanisit

ASKER

OK, thank you. I created a new rule from ALL X2 management IP to any on the above ports and still nothing.
ASKER CERTIFIED SOLUTION
Heritage02Rider
This solution is only available to members.
"the DNS servers (are also the DC's) are set to 192.1.1.205 and 192.1.1.164"

Dear, if your clients on 172.16.30.x are using the 192.1.1 DNS server, you need to have two reverse lookup zones in your DNS:
1 for 192.1.1
1 for 172.16.30

If you have more than 1 subnet, you need to create different subnets (only for the rev lookup zone) in your DNS.

Could you please check the host entries in your fwd and rev lookup zones?
I think you would have them in fwd but not in rev lookup zones.
Need some clarification.

So, in addition to the DCs having an IP on the 192.168.1.0/24 network, they also have an IP on the 192.1.1.0/24 network?

When you say the X2 subnet can ping by IP address, they can ping the DCs on the 192.1.1.0/24 subnet or only the 192.168.1.0/24 subnet?

Are the hosts on the X2 subnet part of the domain that the DCs manage?

When you say NSLOOKUP fails, are you trying to resolve local host names or Internet hosts? When you run NSLOOKUP for local hosts, did you try using the FQDN rather than just the host name? If not, what happens when you do?

If you have two different subnets' IP addresses assigned to your DCs, I'm assuming here, then how do you have the LAN interface on the SonicWall configured to route those two subnets for hosts on that subnet?
thank you
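
The two theories raised in this thread (port 53 blocked between the subnets versus missing forward or reverse records) can be told apart by querying each DNS server directly from a 172.16.30.x host. The script below is an added example, not part of the original thread; the DNS server and client addresses are the ones from the question, and the host name `dc1.example.local` is a placeholder.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID, fine for a manual diagnostic
RCODES = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1):
    """Encode a single-question DNS query (qtype 1 = A, 12 = PTR)."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD flag set
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def classify(reply):
    """Map a raw reply (None = nothing came back) to a triage verdict."""
    if reply is None:
        return "no reply: port 53 is likely blocked on the path (check firewall rule)"
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != TXID or not flags & 0x8000:  # wrong ID or not a response
        return "malformed reply"
    rcode = flags & 0x000F
    if rcode == 0:
        return "answered" if ancount else "reachable, but no record of this type"
    return f"{RCODES.get(rcode, rcode)}: server reachable, look at the DNS zones"

def ask_udp(server, name, qtype=1, timeout=3.0):
    """Send one query straight to `server` over UDP/53; None on timeout/error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server, 53))
            return s.recvfrom(512)[0]
        except OSError:  # timeout or ICMP unreachable
            return None

if __name__ == "__main__":
    # DNS servers and client IP are from the question; the host name is a placeholder.
    for server in ("192.1.1.205", "192.1.1.164"):
        print(server, "A  :", classify(ask_udp(server, "dc1.example.local")))
        ptr = ptr_name("172.16.30.100")
        print(server, "PTR:", classify(ask_udp(server, ptr, 12)))
```

A "no reply" verdict while ping to the same server succeeds points at the firewall access rule; NXDOMAIN on the PTR query alone points at a missing reverse lookup zone.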