SonicWall Global VPN Client problem

I have a client that I need to connect to a SonicWall NSA 240 from a laptop when he isn't in the office.  The laptop is a member of the work domain and the client will have a port replicator when he is in the office to connect to the Windows domain.  I installed the SonicWall Global VPN client on the laptop and set up the configuration of the VPN in the SonicWall.  The user can connect to the SonicWall using the GVC with no issue as a local user set up on the SonicWall.  I am able to get an IP address from the LAN and can ping the server by NetBIOS name.  However, I can't connect to the shares.  I imagine this is because I have never logged onto the domain.  Can someone tell me how I can authenticate once I am already in Windows?  SonicWall said there is no way to handle that through their VPN client. I need help! Thx.
Asked by: 071171

John, Business Consultant (Owner), commented:
The user can connect to the Sonicwall using the GVC ...[and is].. able to get an IP address from the LAN and can ping the server by NetBIOS name.  However, I can't connect to the shares.

You may need an entry in c:\windows\system32\drivers\etc\hosts that says:

192.168.x.y (or whatever)   SERVERNAME

Then set up a batch file on the desktop:

NET USE Z: /Delete
NET USE Z: \\SERVERNAME\folder.
This will ask for username and password

Try this manually first.
0
jekautz commented:
Is the user signing in with an account that you added to the SonicWALL or is he signing in via LDAP?  I am using GVC at my office and have set up LDAP in the SonicWALL and my users do not have this problem.  For users that need mapped drives after sign-in, there is an option in the GVC connection properties to execute a file after sign-in.  You could use that to map drives.
0
Stolsie commented:
Hi
I do exactly what you are trying to do and Global VPN Client works a real treat.
In fact all our tech staff will soon be using it.
You need to enable local logon on the laptop so it caches the credentials.
Have a standard local logon for the VPN; it allows them to think before they enter your network from home.
Install the VPN clients so their domain account can access it.
When they go home they log on with domain credentials; it will take about a minute or two and they will be on the desktop with a warning saying failed to connect some network drives.
Double click VPN client, click connect, enter username password.
5, 4, 3, 2, 1 connected >>> double click drives = access
The user will think they are at the office.
Make sure you got split traffic; you don't want their web traffic.
0

071171 (author) commented:
Stolsie - What do you mean by enabling local logon on the laptop?  The user is authenticating to the Sonicwall with a local user acct created on the Sonicwall. The VPN client software was installed in the office when the user was signed on with domain credentials.
0
jekautz commented:
I believe what stolsie is referring to is caching domain account logons on the laptop. http://windowsitpro.com/windows/domain-credential-caching

By default the value is set to 10 cached logons.  While there is a security risk with this feature, you wouldn't want to set it to 0 on a laptop because the user would not be able to log on to the laptop while in the field.

So the user would log onto the laptop in the field with a domain account, but sign into the SonicWALL with a local SonicWALL user account.  You could then have the GVC client run a logon script upon connecting to map drives and do any other administrative tasks that you might want.
0
071171 (author) commented:
jekautz - I already have the user log onto the laptop in the field with the domain acct, but sign into the SonicWall with a local SonicWall user acct.  The user can then ping the server by NetBIOS name.  However, when the user tries to map a drive to the server manually, he gets the error that he doesn't have permission to it. This makes sense since he would need to authenticate to the domain once he's connected to the VPN, not before.
0
jekautz commented:
I just performed this test on my network and here are the results.  One thing different about my setup is that we don't use local Sonicwall user accounts, but instead we use LDAP.  But that shouldn't make a difference for you as you will see here.

Test 1) Logged on laptop with local cached domain credentials.  Logged into GVC with domain account (via LDAP). Could access all network resources without password prompts.

Test 2) Logged on laptop with local laptop account (not domain). Logged into GVC with domain account (via LDAP). Had password prompts to access network resources.

For you, logging on with a local cached domain account should be sufficient to access your network resources.  The way you log into GVC does not seem to help in any way.  Have you checked your group policies for any settings that may be causing this behavior?  Your user should at least get a prompt to supply alternate credentials to access the resource.
0

071171 (author) commented:
Do you need the Directory Configurator to be installed on the server for LDAP?
0
jekautz commented:
I don't know what Directory Configurator is. So apparently not.

What I was trying to illustrate previously was that enabling LDAP won't fix your problem.  If the user is logging on with a cached domain account, they should have access to network resources.

Verify that your user's remote location subnet does not overlap your work's subnet.  This could cause routing problems.
0
Stolsie commented:
Yes, you need the Directory Connector installed if you pull up AD names. I have 2 running to pull up the 2000+- concurrent users I have across two domains.
0
071171 (author) commented:
Stolsie & Jekautz - What's happening now is I am logging on with an air card from the laptop with the domain cached acct into Windows. I then connect to the VPN.  I am able to ping the server by NetBIOS name, but when I try to run a batch file to create mapped drives, it will tell me the resource is no longer available or the system detected a possible attempt to compromise security.  If I bring the mouse down to the network icon in the system tray to see what it is showing as connections, it says "office network.local unauthenticated". It may actually prompt me to lock the PC and unlock it with the credentials necessary. It seems to take time, but eventually the "unauthenticated" goes away and I can open a share shortcut that I created when I was hardwired to the office network and on the domain.  Any ideas?  If I go the LDAP route, I need to turn it on on the SonicWall and install the Directory Connector on the DC, and that's it?
0
Stolsie commented:
If it’s taking time authenticating, it could be that the address range you have for the VPN clients has not got a reverse lookup table, and if it does there is a possibility it is not associated with the correct domain.
Have you also included the routes/address objects to the AD servers in the VPN rules as well as for the user profile?
0
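The checks suggested in the comments above (the cached-logon setting, and whether the VPN rules actually let the laptop reach the AD servers) can be combined into one post-connect script. This PowerShell sketch is an added example, not code from the thread or from SonicWall; `corp.example.local` and the function names are hypothetical, and `SERVERNAME` and `folder` are the placeholders used earlier on the page.

```powershell
# Added example, not from the thread. Run on the laptop after GVC connects.
# Assumptions: corp.example.local is a placeholder AD DNS domain; SERVERNAME
# and folder are the placeholders used earlier on this page.
param(
    [string]$Domain = 'corp.example.local',
    [string]$Server = 'SERVERNAME',
    [string]$Share  = 'folder'
)

function Get-CachedLogonLimit {
    # How many domain logons Windows caches for offline sign-in.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    [int](Get-ItemProperty -Path $key -Name CachedLogonsCount).CachedLogonsCount
}

function Test-DomainPath {
    param([string]$Domain)
    # Clients locate domain controllers through this SRV record. If it does
    # not resolve through the tunnel, domain authentication cannot start.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { return }
    foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
        foreach ($port in 88, 389, 445) {   # Kerberos, LDAP, SMB
            $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Port = $port; Open = $t.TcpTestSucceeded }
        }
    }
}

Write-Host "CachedLogonsCount: $(Get-CachedLogonLimit)"
$results = @(Test-DomainPath -Domain $Domain)
$results | Format-Table -AutoSize

# Map the drive only when every DC answered on every port; otherwise the
# mapping attempt fails in the way described in the question.
$blocked = @($results | Where-Object { -not $_.Open })
if ($results.Count -gt 0 -and $blocked.Count -eq 0) {
    net use Z: /delete 2>$null
    net use Z: "\\$Server\$Share"
} else {
    Write-Warning "Domain controllers for $Domain are not fully reachable over the VPN; drive not mapped."
}
```

A script like this could be launched through the GVC option to execute a file after sign-in that jekautz mentions; `Resolve-DnsName` and `Test-NetConnection` require Windows 8.1 or later.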
071171 (author) commented:
I figured out that it's something with the Dell Sierra Wireless card, the AirCard Watcher software, and how they connect to the SonicWall VPN.  With the wifi built-in card, it works just fine.  Also on another laptop, the wifi connects just fine and so does the Verizon USB card.  Only with the Sierra card and accompanying software, it can connect to the VPN, but the connection shows the work domain name (unauthenticated).  The authentication is handled completely via the SonicWall's LDAP sync with the DC which I set up last week.  It must be some incompatibility with the Sierra wireless card or accompanying software. Chasing this down is going to be extremely difficult. Dell of course disavows any responsibility.
0
John, Business Consultant (Owner), commented:
When this happens with a cellular card (I use these) you may need to enable NAT Traversal in the client application.  You may need to use a very robust client application like NCP Secure Entry (www.ncp-e.com). I use this and can use Ethernet, Wi-Fi, or cellular with no issue.

Also see if the cellular ISP requires an up-charge for VPN access via cellular.
0
ravindragandhi commented:
Oh sorry, I really apologize for this. I was not aware of this. I might have sent a personal message to 10 questions; you can delete that, and next time I will take care of this.

Thank you.
0