
DNS setup through Securemote

Status
Not open for further replies.

all41

IS-IT--Management
Apr 30, 2000
1
IE
I have Checkpoint firewall installed on a Nokia IP330 firewall/router. I am using Securemote to connect to the local LAN but I cannot use the LAN's local DNS server and I end up having to create a local 'HOSTS' file to resolve internal LAN DNS names. What do I need to do to use a local LAN's DNS server through the VPN tunnel??
 
If you are dialing up, then modify the Dial-Up adapter for the connection: under the IP config, enter the DNS server's IP address. Since DNS uses SMB broadcasts you will need to make sure that the firewall is not blocking the broadcast messages. It is my first rule under my config to disable broadcasts. This is true of other network traffic: by allowing broadcasts you're opening your system up to unnecessary traffic. The HOSTS option is best to limit access to other servers on the network unless they know the IPs (and are being allowed access).
If you're using Roadrunner or a network connection (DSL etc.) then just update the IP config for that adapter entering the DNS server's IP.
 
Hi There

We have been having the same problem. The problem was that even though we had the internal DNS settings in the dial-up TCP/IP settings, it wasn't using them. This was because the dnsinfo.C file sitting on the management console wasn't set up correctly and the policy pushed out. On the log, do you see any drops, or does it not even hit the firewall with a DNS lookup? If not, then maybe your dnsinfo.C hasn't been configured correctly and hasn't been pushed out to the gateways and Securemote client policy.

Faz
 
I don't know if this could be an answer that works, but try this anyway:

To add support for local DNS servers, locate this file:
"c:\program Files\checkpoint\secureremote\database\userc.C"

Add these entries under Options:
:dns_encrypt (true)
:dns_xlate (true)
 
I read somewhere on the Checkpoint website that you need to implement something called Split Horizon DNS to get this working... it looked too complicated for me so I left it and used hosts instead. Has anyone had any luck with this?
 