Solved

VPN problems on Sonicwall TZ210

Posted on 2013-12-14
Last Modified: 2014-01-14
I am using NetExtender to create a VPN from my laptop at home. My laptop at home has a dynamically assigned IP address from my router at home. My home router is a Netgear.

My VPN was working fine for a long time. I would connect to my work network using NetExtender. Then I would launch a remote desktop and type in the server name that I wanted to remote into. RDP just times out. However, if I type in the IP address of the server I am able to log in.

Also, I have mapped drives that do not work when using the server name; however, when I use the IP address it works fine.

My home gateway is on 192.168.28.1 and my work gateway is 192.168.27.1.

My home computer is a laptop that is on a domain. It used to be a workstation at work. So when I log in it is not authenticated by a DC. I just log in using my name@mydomain.com and password and I never have a problem.

I did notice, however, that when I do log into the VPN successfully I no longer have local internet access. So in order to do a Google search I have to disconnect from NetExtender, launch Google, then log back in. Is that normal also since I am in tunnel mode?
Question by:MEATBALLHERO
6 Comments
 
LVL 24

Expert Comment

by:diverseit
ID: 39719094
Hi MEATBALLHERO,

NetExtender in Tunnel All mode forces all traffic to be routed over the SSL-VPN adapter. To allow your end users access to the internet over the UTM-SSLVPN, you will need to allow “WAN RemoteAccess Networks” (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page. The method below is appropriate when the administrator wants all of their NetExtender users to have their internet access provided through the SSL-VPN; otherwise, disable Tunnel All mode. Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.

Step 1: On the SonicWALL, go to the SSL-VPN > Client Routes screen and enable the Tunnel All option in the drop-down menu.

Step 2: On the Users > Local Groups screen, configure the SSLVPN Services group and, under the “VPN Access” tab, add the object WAN RemoteAccess Networks.

Step 3: No custom rules are needed on the Firewall > Access Rules screen for this to work. You can see auto-added rules in the section SSLVPN to WAN.

Make sense?
0
 
LVL 6

Expert Comment

by:Ramakrishna Prabhu
ID: 39719640
Agree with diverseit
+1
0
 

Author Comment

by:MEATBALLHERO
ID: 39738468
That sounds like it will solve the internet connection issue. However, my big problem is that I cannot connect via host name using RDP. I used to connect my secure VPN and then RDP using my server name MYSERVER01, and now I can only connect to this server if I type in the IP address.

When I type NSLOOKUP in CMD Prompt I get the DNS server IP address from my office because I'm in tunnel mode, but not the DNS server name. It says unknown.

Did I screw something up on my remote client side or is this an Active Directory DNS issue on my office network side?
0
 
LVL 1

Accepted Solution

by:
robertmparten earned 500 total points
ID: 39747694
The problem is it appears you have a tunnel misconfiguration issue. You need to set up a split tunnel and forward DNS so you can have Internet through your home connection but utilize the forwarded DNS to resolve the hostnames of your work servers so your file shares work.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39763507
It is not a misconfiguration to have Tunnel All mode enabled, nor is it the appropriate fix to use a Split Tunnel if that is not desired! My solution (http:#a39719094) is a validated one and is accurate if you want to stick with Tunnel All mode, which will force all the traffic through to your office securely.

Cheers!
0
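The two tunnel modes debated in this thread, as an added example that is not from any poster or from SonicWALL: a simplified model of the client route choice and the firewall's VPN Access list, showing why internet traffic fails under Tunnel All until "WAN RemoteAccess Networks" is allowed. Assumptions: the /24 mask, the route metrics, the interface labels, the server address 192.168.27.10 and the internet address 203.0.113.10 are constructed; only the two gateway addresses and the 0.0.0.0 object value come from the thread.

```python
import ipaddress

# From the thread: home gateway 192.168.28.1, work gateway 192.168.27.1.
HOME_DEFAULT = ("0.0.0.0/0", "home", 25)   # default route via the home router (metric assumed)
OFFICE_LAN = "192.168.27.0/24"             # assumed /24 around the work gateway
WAN_REMOTE_ACCESS = "0.0.0.0/0"            # "WAN RemoteAccess Networks", value 0.0.0.0

# Routes the VPN client installs in each mode (simplified, metrics assumed).
CLIENT_ROUTES = {
    "tunnel_all": [("0.0.0.0/0", "sslvpn", 1)],  # default route over the tunnel
    "split": [(OFFICE_LAN, "sslvpn", 1)],        # only the office subnet
}

OFFICE_SERVER = "192.168.27.10"   # constructed address for a work server
INTERNET_HOST = "203.0.113.10"    # constructed, documentation range


def egress(mode, dst):
    """Client side: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dst)
    table = [HOME_DEFAULT] + CLIENT_ROUTES[mode]
    matches = [(ipaddress.ip_network(p).prefixlen, -metric, iface)
               for p, iface, metric in table
               if ip in ipaddress.ip_network(p)]
    return max(matches)[2]


def outcome(mode, vpn_access, dst):
    """Combine the client route with the firewall's VPN Access objects."""
    if egress(mode, dst) == "home":
        return "local"                      # never enters the tunnel
    ip = ipaddress.ip_address(dst)
    allowed = any(ip in ipaddress.ip_network(n) for n in vpn_access)
    return "tunnel-allowed" if allowed else "tunnel-denied"


def compare():
    """Outcome for each configuration discussed in the thread."""
    cases = {
        "tunnel_all, office only": ("tunnel_all", [OFFICE_LAN]),
        "tunnel_all + WAN RemoteAccess": ("tunnel_all", [OFFICE_LAN, WAN_REMOTE_ACCESS]),
        "split tunnel": ("split", [OFFICE_LAN]),
    }
    return {name: {"server": outcome(m, acl, OFFICE_SERVER),
                   "internet": outcome(m, acl, INTERNET_HOST)}
            for name, (m, acl) in cases.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:32} {result}")
```

With Tunnel All, internet traffic is inspected and logged at the office firewall; with a split tunnel it leaves directly through the home connection and bypasses those controls.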
