Firebox 700 VPN (DNS and IP config)

Status
Not open for further replies.

dougDFW

MIS
Sep 24, 2002
9
US
I can create the tunnel from the client (using the lite VPN software) and the Firebox has been upgraded to version 6 software. I can ping 192.168.1.2, but I get no DNS resolution.

I have 5 public IP addresses via ADSL.
The trusted Interface is using 192.168.1.1/24 subnet.
Not using Optional Interface at this time. My internal DNS and WINS server is IP address 192.168.1.2. Using Dynamic NAT and HTTP proxy services with webblocker.

Question 1: How do I enable DNS/WINS resolution from the VPN client?

Question 2: Should the client IP addresses be on the same subnet as the LAN (192.168.1.x versus 192.168.2.x)?

Question 3: Is there anything special I will need to do in order to join my domain through the VPN tunnel to access Exchange server, my domain controller and my Database server?

Any help, no matter how partial or simple will be appreciated.

Thank you, DougDFW
 
Q1: You will need to manually enter this information on the client computer's interface. Depending on the client you are using and the configuration, you will either need to configure the IPs on the virtual adapter, or if you are using the shim, the interface the VPN traffic passes through.

Q2: This is a matter of preference. Either will work. If you are using W2K server, there are MTU issues that might cause problems if the VPN client is on the same subnet. There is a fix from MS on this (PMTU fix - sorry, can't reference it specifically). Moving the VPN client to a different subnet resolves this issue.

Q3: By join my domain, do you mean authenticate to the domain? If so, simply log on to the machine (W9x, W2K, XP) as you normally would when on the LAN. If you are using W9x, ignore the message (there is no domain server to validate...). Your credentials will be cached and passed to the domain server when you connect via the VPN.
 