Active Directory across a VPN using Sonicwall

Status
Not open for further replies.

rms26 (IS-IT--Management), US, Feb 16, 2005
I have the following scenario.

Sonicwall 3060 VPN concentrator at HQ

Sonicwall TZ170 at the site.

I am trying to get a desktop (Windows XP SP2) at the site to authenticate in AD with my Windows 2003 Domain controller at the HQ. My internal DNS server is also my DC. The desktop has Static settings for IP, Gateway, and DNS. The desktop has the internal DNS servers and the external DNS as a last resort.

I am able to ping the DC IP Address and other devices on the network. I am able to ping the desktop IP Address from the DC. But I cannot get DNS resolution, thus making it unable to authenticate to the domain.

I have enabled NetBIOS traffic across the tunnel (I do not know if this is needed or not) to no avail.

Can anyone help?

 
Try removing the external DNS address and disable the firewall (SP2).

Are you using NAT?
 
You'll need to enable IAS and do RADIUS.

That's what I have running here with the same equipment as yourself.

Regards,

Mike
 
As Mike2287 said, remove external DNS. AD clients should ONLY point to your internal DNS server(s). AD relies on DNS for internal and external resolution, and ONLY your internal DNS servers should be listed.

Configure your PC static IP within the range of your local LAN; set SNM to 255.255.255.0; default gateway to your TZ-170 IP; DNS to your domain DNS server. You can manually add a WINS entry if you're running one on the other end.

I just checked on one of my remote client tunnels, to see if I could join one of my office PC's to their domain, over existing tunnel, and it works just fine.
 
twwabw:

Do you have NetBIOS traffic enabled?

Thanks to all.
 
Nope, no NetBIOS enabled. It browses just fine. What are your network addressing schemes? They're not overlapping, are they? They don't need to be in the same IP range as each other to work either. For instance, my office is 192.168.10.x, and the remote domain I had the PC join is 10.0.1.x. It's no problem, because the destination network is defined through the SonicWALL SA.

I just assigned the PC an IP within my office range, but out of the scope of my DHCP server. I used something like 192.168.10.225. The rest is as I said. Since the only DNS entry was the remote domain's DNS server (entered 10.0.1.10), it knew where to look for DNS when I told it to join that domain. All your external internet DNS resolution will be handled by the remote network's DNS forwarders. The only issue with that is if the link goes down. If it does, you would have to change the static PC's DNS settings temporarily to your ISP's DNS for internet resolution.

But do NOT enter these ISP DNS servers during normal use.

I've set this up a bunch of times. It works fine. You don't need radius.
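The checklist twwabw lays out (only internal DNS servers on the client, a static address inside the branch LAN but outside the DHCP scope, gateway pointing at the branch TZ 170, and no overlap between the two ends of the tunnel) can be verified before anyone touches the PC. The following is an added example written for this page, not code from the thread or from SonicWALL; the addresses, the DHCP scope and the domain name are constructed sample values, and `check_client` and `required_srv_records` are illustrative helpers, not tools the posters used. It uses only Python's standard `ipaddress` module, so it runs offline:

```python
"""Offline sanity check for a branch PC that must join an AD domain over a
site-to-site VPN, following the rules given in the thread above.
All addresses used here are constructed sample values, not from the thread."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ClientConfig:
    """Static TCP/IP settings typed into the branch PC (constructed example)."""
    ip: str                 # e.g. "192.168.10.225"
    mask: str               # e.g. "255.255.255.0"
    gateway: str            # LAN address of the branch SonicWALL
    dns_servers: List[str]  # in the order the client will try them


def check_client(cfg: ClientConfig,
                 site_net: str,
                 hq_net: str,
                 dhcp_scope: Optional[Tuple[str, str]] = None) -> List[str]:
    """Return a list of findings; an empty list means the settings follow the rules."""
    findings: List[str] = []
    site = ipaddress.ip_network(site_net, strict=True)
    hq = ipaddress.ip_network(hq_net, strict=True)
    internal = (site, hq)

    # Rule: the two ends of the tunnel must not overlap, or the SA cannot route.
    if site.overlaps(hq):
        findings.append(f"site network {site} overlaps HQ network {hq}; re-address one side")

    # Rule: client address and mask must describe the branch LAN.
    iface = ipaddress.ip_interface(f"{cfg.ip}/{cfg.mask}")
    if iface.ip not in site:
        findings.append(f"client address {iface.ip} is not inside the branch LAN {site}")
    elif iface.network != site:
        findings.append(f"subnet mask {cfg.mask} gives {iface.network}, expected {site}")

    # Rule: pick the static address outside the local DHCP scope.
    if dhcp_scope is not None:
        lo, hi = (ipaddress.ip_address(a) for a in dhcp_scope)
        if lo <= iface.ip <= hi:
            findings.append(f"client address {iface.ip} lies inside the DHCP scope {lo}-{hi}")

    # Rule: the default gateway is the branch firewall's LAN address.
    gw = ipaddress.ip_address(cfg.gateway)
    if gw not in site:
        findings.append(f"gateway {gw} is not inside the branch LAN {site}")

    # Rule: ONLY internal DNS servers. An ISP resolver in the list breaks AD
    # lookups whenever the client happens to query it instead of the DC.
    if not cfg.dns_servers:
        findings.append("no DNS server configured; list the HQ domain controller / DNS server")
    for entry in cfg.dns_servers:
        srv = ipaddress.ip_address(entry)
        if not any(srv in net for net in internal):
            findings.append(f"DNS server {srv} is outside {site} and {hq}; remove it (external/ISP DNS)")
    return findings


def required_srv_records(domain: str) -> List[str]:
    """SRV names the Windows DC locator queries. Resolve each one from the
    branch PC (e.g. nslookup -type=SRV <name>) before attempting the join;
    if they do not resolve across the tunnel, the join cannot succeed."""
    d = domain.rstrip(".").lower()
    return [
        f"_ldap._tcp.dc._msdcs.{d}",
        f"_ldap._tcp.{d}",
        f"_kerberos._tcp.{d}",
        f"_kerberos._udp.{d}",
        f"_kpasswd._tcp.{d}",
    ]


if __name__ == "__main__":
    # Constructed example mirroring the thread: branch 192.168.10.0/24, HQ 10.0.1.0/24.
    pc = ClientConfig("192.168.10.225", "255.255.255.0", "192.168.10.1",
                      ["10.0.1.10", "8.8.8.8"])  # the ISP resolver is the mistake
    for finding in check_client(pc, "192.168.10.0/24", "10.0.1.0/24",
                                dhcp_scope=("192.168.10.100", "192.168.10.200")):
        print("FINDING:", finding)
    for name in required_srv_records("corp.example"):
        print("verify SRV:", name)
```

Run it once with the intended settings; anything it prints is a reason the join will fail even though plain pings across the tunnel succeed, which is exactly the symptom in the original post. The SRV list is the practical DNS test: a client that can ping the DC but cannot resolve `_ldap._tcp.dc._msdcs.<domain>` will never find it for authentication.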
 