071171


SonicWall Global VPN Client problem

I have a client that I need to connect to a SonicWall NSA 240 from a laptop when he isn't in the office. The laptop is a member of the work domain and the client will have a port replicator when he is in the office to connect to the Windows domain. I installed the SonicWall Global VPN client on the laptop and set up the configuration of the VPN in the SonicWall. The user can connect to the SonicWall using the GVC with no issue as a local user set up on the SonicWall. I am able to get an IP address from the LAN and can ping the server by NetBIOS name. However, I can't connect to the shares. I imagine this is because I have never logged onto the domain. Can someone tell me how I can authenticate once I am already in Windows? SonicWall said there is no way to handle that through their VPN client. I need help! Thx.
John

The user can connect to the Sonicwall using the GVC ...[and is].. able to get an IP address from the LAN and can ping the server by NetBIOS name.  However, I can't connect to the shares.

You may need an entry in c:\windows\system32\drivers\etc\hosts that says:

192.168.x.y (or whatever)   SERVERNAME

Then set up a batch file on the desktop:

NET USE Z: /Delete
NET USE Z: \\SERVERNAME\folder
This will ask for username and password

Try this manually first.
jekautz

Is the user signing in with an account that you added to the SonicWALL or is he signing in via LDAP? I am using GVC at my office and have set up LDAP in the SonicWALL and my users do not have this problem. For users that need mapped drives after sign-in, there is an option in the GVC connection properties to execute a file after sign-in. You could use that to map drives.
Hi
I do exactly what you are trying to do and global VPN client works a real treat.
In fact all our tech staff will soon be using it.
You need to enable local logon on the laptop so it caches the credentials.
Have a standard local log on for the VPN it allows them to think before they enter your network from home.
Install the VPN clients so their domain account can access it.
When they go home they log on with domain credential it will take about a minute or two and they will be on the desktop with a warning saying failed to connect some network drives.
Double click VPN client, click connect, enter username password.
5, 4,3,2,1 connected >>> double click drives = access
The user will think they are at the office.
Make sure you have split traffic; you don't want their web traffic.
071171

ASKER

Stolsie - What do you mean by enabling local logon on the laptop?  The user is authenticating to the Sonicwall with a local user acct created on the Sonicwall. The VPN client software was installed in the office when the user was signed on with domain credentials.
I believe what stolsie is referring to is caching domain account logons on the laptop. http://windowsitpro.com/windows/domain-credential-caching

By default the value is set to 10 cached logons. While there is a security risk with this feature, you wouldn't want to set it to 0 on a laptop because the user would not be able to log on to the laptop while in the field.

So the user would log onto the laptop in the field with a domain account, but sign into the SonicWALL with a local SonicWALL user account.  You could then have the GVC client run a logon script upon connecting to map drives and do any other administrative tasks that you might want.
071171

ASKER

jekautz - I already have the user log onto the laptop in the field with the domain acct, but sign into the SonicWall with a local SonicWall user acct.  The user can then ping the server by NetBIOS name.  However, when the user tries to map a drive to the server manually, he gets the error that he doesn't have permission to it. This makes sense since he would need to authenticate to the domain once he's connected to the VPN, not before.
ASKER CERTIFIED SOLUTION
jekautz

This solution is only available to members.
071171

ASKER

Do you need the Directory Configurator to be installed on the server for LDAP?
I don't know what Directory Configurator is. So apparently not.

What I was trying to illustrate previously was that enabling LDAP won't fix your problem.  If the user is logging on with a cached domain account, they should have access to network resources.

Verify that your user's remote location subnet does not overlap your work's subnet.  This could cause routing problems.
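
An added example, not part of the original thread: one way to run the subnet-overlap check suggested above, using Python's standard ipaddress module. All addresses and the DC01 host name are constructed sample values; SERVERNAME is the placeholder used earlier in the thread.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
# Addresses as shown by ipconfig on the laptop's own adapters:
HOME_NETS = ["192.168.1.37/24", "10.170.20.1/30"]
# Networks the VPN policy routes into the tunnel:
OFFICE_NETS = ["192.168.1.0/24", "192.168.10.0/24"]
# Office servers the user needs to reach:
OFFICE_HOSTS = {"SERVERNAME": "192.168.1.10", "DC01": "192.168.10.5"}


def _net(cidr):
    # strict=False accepts a host address with a prefix, e.g. 192.168.1.37/24
    return ipaddress.ip_network(cidr, strict=False)


def find_overlaps(local_nets, office_nets):
    """Return (local, office) network pairs that share at least one address."""
    pairs = []
    for local in map(_net, local_nets):
        for office in map(_net, office_nets):
            if local.overlaps(office):
                pairs.append((str(local), str(office)))
    return pairs


def shadowed_hosts(hosts, local_nets):
    """Office hosts whose IP also falls inside a locally attached network.

    The laptop treats such an address as on-link, so packets for it can go
    out the local adapter instead of through the VPN tunnel.
    """
    nets = [_net(n) for n in local_nets]
    return {name: ip for name, ip in hosts.items()
            if any(ipaddress.ip_address(ip) in n for n in nets)}


if __name__ == "__main__":
    for local, office in find_overlaps(HOME_NETS, OFFICE_NETS):
        print(f"overlap: local {local} <-> office {office}")
    for name, ip in shadowed_hosts(OFFICE_HOSTS, HOME_NETS).items():
        print(f"{name} ({ip}) may be unreachable over the VPN from this site")
```

With the sample data, the home LAN and one office LAN are both 192.168.1.0/24, so SERVERNAME is flagged while DC01 on 192.168.10.0/24 is not.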
Yes, you need the Directory Connector installed if you pull up AD names. I have 2 running to pull up the 2000+- concurrent users I have across two domains.
071171

ASKER

Stolsie & Jekautz - What's happening now is I am logging on with an air card from the laptop with the domain cached acct into Windows. I then connect to the vpn. I am able to ping the server by NetBIOS name, but when I try to run a batch file to create mapped drives, it will tell me the resource is no longer available or the system detected a possible attempt to compromise security. If I bring the mouse down to the network icon in the system tray to see what it is showing as connections, it says "office network.local unauthenticated". It may actually prompt me to lock the pc and unlock it with the credentials necessary. It seems to take time, but eventually the "unauthenticated" goes away and I can open a share shortcut that I created when I was hardwired to the office network and on the domain. Any ideas? If I go the LDAP route, I need to turn it on on the SonicWall and install the Directory Connector on the DC, and that's it?
If it's taking time authenticating, it could be that the address range you have for the VPN clients has not got a reverse lookup table, and if it does there is a possibility it is not associated with the correct domain.
Have you also included the routes/address objects to the AD servers in the VPN rules as well as for the user profile?
071171

ASKER

I figured out that it's something with the Dell Sierra Wireless card, the AirCard Watcher software, and how they connect to the SonicWall vpn. With the wifi built-in card, it works just fine. Also on another laptop, the wifi connects just fine and so does the Verizon usb card. Only with the Sierra card and accompanying software, it can connect to the vpn, but the connection shows the work domain name (unauthenticated). The authentication is handled completely via the SonicWall's LDAP sync with the DC which I set up last week. It must be some incompatibility with the Sierra wireless card or accompanying software. Chasing this down is going to be extremely difficult. Dell of course disavows any responsibility.
When this happens with a cellular card (I use these) you may need to enable NAT Traversal in the client application.  You may need to use a very robust client application like NCP Secure Entry (www.ncp-e.com). I use this and can use Ethernet, Wi-Fi, or cellular with no issue.

Also see if the cellular ISP requires an up-charge for VPN access via cellular.
Oh sorry, I really apologize for the same, I was not aware about this - might be I have sent a personal message to 10 questions, you can delete that and next time I will take care for the same.

Thank you.