VPN problems on Sonicwall TZ210

Posted on 2013-12-14
Last Modified: 2014-01-14
I am using NetExtender to create a VPN from my laptop at home. My laptop at home has a dynamically assigned IP address from my router at home. My home router is a Netgear.

My VPN was working fine for a long time. I would connect to my work network using NetExtender. Then I would launch a remote desktop and type in the server name that I wanted to remote into. RDP just times out. However, if I type in the IP address of the server I am able to log in.

Also, I have mapped drives that do not work when using the server name; however, when I use the IP address they work fine.

My home gateway is on and my work gateway is

My home computer is a laptop that is on a domain. It used to be a workstation at work. So when I log in, it is not authenticated by a DC. I just log in using my and password and I never have a problem.

I did notice, however, that when I do log into the VPN successfully I no longer have local internet access. So in order to search Google I have to disconnect from NetExtender, launch Google, then log back in. Is that normal also, since I am in tunnel mode?

Expert Comment

by:Diverse IT
ID: 39719094

NetExtender in Tunnel All mode forces all traffic to be routed over the SSL-VPN adapter. To allow your end users access to the internet over the UTM-SSLVPN, you will need to allow “WAN RemoteAccess Networks” (a network address object whose value acts like a default route), and the Tunnel All option must be selected on the Client Routes page. The method below is appropriate when the administrator wants all of their NetExtender users to have their internet access provided through the SSL-VPN; otherwise, disable Tunnel All mode. Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.

Step 1: On the SonicWALL, go to the SSL-VPN > Client Routes screen and enable the Tunnel All option in the drop-down menu.

Step 2: On the Users > Local Groups screen, configure the SSLVPN Services group and, under the tab “VPN Access,” add the object WAN RemoteAccess Networks.

Step 3: No custom rules are needed on the Firewall > Access Rules screen for this to work. You can see auto-added rules in the section SSLVPN to WAN.

Make sense?

Expert Comment

by:Ramakrishna Prabhu
ID: 39719640
Agree with diverseit

Author Comment

ID: 39738468
That sounds like it will solve the internet connection issue. However, my big problem is that I cannot connect via host name using RDP. I used to connect my secure VPN and then RDP using my server name MYSERVER01, and now I can only connect to this server if I type in the IP address.

When I type NSLOOKUP in CMD Prompt I get the DNS server IP address from my office because I'm in tunnel mode, but not the DNS server name. It says unknown.

Did I screw something up on my remote client side or is this an Active Directory DNS issue on my office network side?

Accepted Solution

robertmparten earned 500 total points
ID: 39747694
The problem is it appears you have a tunnel misconfiguration issue. You need to set up a split tunnel and forward DNS so you can have Internet through your home connection but utilize the forwarded DNS to resolve the hostnames of your work servers so your file shares work.
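A client-side check for the symptom discussed in this thread (the IP address works, the host name does not), as an added example that is not part of any participant's post. Run it while NetExtender is connected; `MYSERVER01` is the name from the question, while the DNS suffix `corp.example` and DNS server `192.0.2.10` are placeholders to replace with your own values. It assumes the Windows 8 / Server 2012 or later DNS client cmdlets.

```powershell
# Added example. The suffix and DNS server defaults are placeholders, not values from the thread.
function Test-VpnNameResolution {
    param(
        [string]$ShortName = 'MYSERVER01',    # server name quoted in the question
        [string]$DnsSuffix = 'corp.example',  # placeholder: your AD DNS domain
        [string]$OfficeDns = '192.0.2.10'     # placeholder: office DNS server IP
    )

    # Return the first A-record address for a name, or $null if the lookup fails.
    function Get-FirstA([string]$Name, [string]$Server) {
        $p = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($Server) { $p.Server = $Server }
        Resolve-DnsName @p | Where-Object { $_.Type -eq 'A' } |
            Select-Object -First 1 -ExpandProperty IPAddress
    }

    $fqdn       = "$ShortName.$DnsSuffix"
    $short      = Get-FirstA $ShortName        # what RDP and mapped drives rely on
    $fqdnLocal  = Get-FirstA $fqdn             # same resolver, fully qualified name
    $fqdnOffice = Get-FirstA $fqdn $OfficeDns  # ask the office DNS server directly

    # DNS servers and suffixes the client is actually using while connected.
    $servers  = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
        Select-Object -Unique
    $suffixes = @((Get-DnsClientGlobalSetting).SuffixSearchList) +
        @((Get-DnsClient).ConnectionSpecificSuffix) |
        Where-Object { $_ } | Select-Object -Unique

    $diagnosis = if ($short) {
        'Short name resolves; compare the address with the IP that works.'
    } elseif ($fqdnLocal) {
        'FQDN resolves but the short name does not: no matching DNS suffix on the client.'
    } elseif ($fqdnOffice) {
        'Office DNS answers when asked directly, but the client is not querying it.'
    } else {
        'Office DNS did not return this name over the tunnel.'
    }

    [pscustomobject]@{
        ShortName = $short; FqdnViaClient = $fqdnLocal; FqdnViaOfficeDns = $fqdnOffice
        DnsServersInUse = $servers; SuffixesInUse = $suffixes; Diagnosis = $diagnosis
    }
}

Test-VpnNameResolution | Format-List
```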

Expert Comment

by:Diverse IT
ID: 39763507
It is not a misconfiguration to have Tunnel All mode enabled, nor is it the appropriate fix to use a Split Tunnel if that is not desired! My solution (http:#a39719094) is a validated one and is accurate if you want to stick with Tunnel All mode, which will force all the traffic through to your office securely.


Question has a verified solution.
