thafemann
asked on
Sonicwall SSL-VPN DNS bookmarks do not seem to work
Hello all,
I am running a Sonicwall SSL-VPN2000 appliance. I have a number of bookmarks that do RDP (Both Java and Active X)
When I put the IP address of the device in the bookmark, I can connect to the end device just fine. When I put in the DNS name into the bookmark, I can not connect.
I have looked at the DNS settings in the Sonicwall and they are correct. When I goto the diagnostics page of the sonicwall, I can do DNS resolution, ping by DNS name, traceroute to both the name and the IP address.
Seems strange but this is what I am seeing. Any ideas?
TIA
Tom
I am running a Sonicwall SSL-VPN2000 appliance. I have a number of bookmarks that do RDP (Both Java and Active X)
When I put the IP address of the device in the bookmark, I can connect to the end device just fine. When I put in the DNS name into the bookmark, I can not connect.
I have looked at the DNS settings in the Sonicwall and they are correct. When I goto the diagnostics page of the sonicwall, I can do DNS resolution, ping by DNS name, traceroute to both the name and the IP address.
Seems strange but this is what I am seeing. Any ideas?
TIA
Tom
ASKER
We are not using the VPN client. We are using the Bookmark feature, which is a web vpn portal.
As I shared, IP addresses work, DNS addresses do not work. :(
As I shared, IP addresses work, DNS addresses do not work. :(
The web VPN portal uses the NetExtender SSL VPN client. The bookmark feature still requires the client machine to have correct DNS servers set to resolve your DNS addresses.
ASKER
Ok, but isn't the appliance DNSpassed thru to the clients? The device itself can do appropriate DNS resolution and even trace route by name. Is there another place to set DNS?
Open your NetExtender client when connected to the VPN and click on the "DNS" tab. Are the correct DNS servers set?
Can you resolve the full FQDN? (i.e. "myserver.mydomain.local" instead of just "myserver")
Can you resolve the full FQDN? (i.e. "myserver.mydomain.local" instead of just "myserver")
ASKER
Thanks for replying. I do not have the NetExtender client on my machine. When I login to the web portal, we do not have the client install to the workstation. We only use the web interface, no client.
Again, this all works fine when we use the IP address of the workstations we wish to RDP or SSL into. As soon as we use a DNS name, we can not connect.
I have looked on the SSL-VPN appliance itself. All the places that I see the DNS settings are set correctly.
One thing I did find interesting is if I add an entry to the host resolution table on the SSL VPN appliance, and then it works!
Again, this all works fine when we use the IP address of the workstations we wish to RDP or SSL into. As soon as we use a DNS name, we can not connect.
I have looked on the SSL-VPN appliance itself. All the places that I see the DNS settings are set correctly.
One thing I did find interesting is if I add an entry to the host resolution table on the SSL VPN appliance, and then it works!
ASKER
When I am connected to the web portal, and I am able to connect to a server via RDP, I opened a command line to see what I could ping.
I could not ping the IP address of the server that I was RDP'd into (ping is enabled and no firewal), I could not resolve by netbios name or dns name (fqdn).
It seem that the web portal does some sort of reverse proxy to present these services to the end user without the user actually being connected to the remote network.
When I look at the management interface while I am connected, I see active users, but I see no NetExtender sessions. I don't even have these sections turned on.
I could not ping the IP address of the server that I was RDP'd into (ping is enabled and no firewal), I could not resolve by netbios name or dns name (fqdn).
It seem that the web portal does some sort of reverse proxy to present these services to the end user without the user actually being connected to the remote network.
When I look at the management interface while I am connected, I see active users, but I see no NetExtender sessions. I don't even have these sections turned on.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When you connect to the VPN from a client computer, are you able to resolve DNS for the RDP server? If not, you may need to change the DNS servers given to your VPN clients.