Go Back   NETGEAR Forums > Enterprise/Business Products > Firewall / VPN Devices > VPN Routers

Reply
 
Thread Tools Display Modes
  #1  
Old January 16th, 2008, 03:21 PM
cez77 cez77 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jan 2008
Posts: 2
cez77 is on a distinguished road
Default FVS338 - DNS over VPN?

Hi,

I have two FVS338 VPN Firewalls that I am using to connect a small office with our main office through a VPN. The main office has a Windows 2003 Internal Domain Controller and DNS Server that I need to connect to from the small office. The VPN between the two routers works fine and I have no problem pinging or accessing resources through IP only.

Some of the software we use requires that the computer be a member of the Database Server's Domain. However, I can't join computers at the small office to the main office's domain because they don't recognize the DC as their DNS server. I realize I could probably do this easily with a secondary DNS server at the remote location, but I don't want to do that unless I have to since the remote office will have only one desktop and up to 4 tablets - and it's only in use 2 days a week.

My first instinct was to try just specifying the DC as the DNS server, but that didn't work (obviously). I've also tried messing with some of the other settings, but all I managed to do was break the VPN with weird errors.

I have the VPN working again, but it's essentially worthless if I can't connect computers to the domain. I imagine the only thing I need to know how to do is establish the main office's DC as the DNS server over the VPN connection. Does anyone know how to do this? It must be something easy because all of my forum searchs have returned nothing - atleast not for Gateway VPN connections.
Reply With Quote
  #2  
Old January 16th, 2008, 04:39 PM
adit's Avatar
adit adit is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: USA
Posts: 5,238
adit is on a distinguished road
Default Re: FVS338 - DNS over VPN?

Don't use the router as a DNS Proxy. Check the settings on this. Check ipconfig/all from the command line on one of the remote PC's . Make sure the DNS server is the DC.

The remote PC's need to have the DC as their DNS server. The DHCP server in the 338 can handle it, or you can set the DNS server static in the adapter settings of the remote PC.

-------
-------

The harder part is adding Domain Users to PC's that are not sitting behind the VPN tunnel, but behind a VPN Client Tunnel (SafeNet/Netgear VPN Client).

Set your DNS server to the DC on the remote PC.

Install and configure the client, and connect to your main location (DC).

Join the Domain and reboot the PC to complete the process.

Log into the Domain as Administrator, connect the VPN tunnel, and Lock the PC.

Then try to Unlock the PC by using the Domain User that you want to add to the PC.

You don't even need to know the Domain Users password to download the user's security profile to the PC so that they can login. They don't have to be an Admin, and I prefer to use the wrong password. This way it doesn't log off the Administrator.

The Domain User can then login to the PC and connect to the main location via the VPN Client software.
__________________
.
Forum Rules - Post Screenshots on ImageShack for Free - Firmware Upgrade Procedure
.
Online Subnet Calculator - LAN Subnets NOT to Use - SA Lifetime Guidelines - Hex/IP Converter
.
Free Netgear Support Online Trouble Ticket Submissions 1-888-NETGEAR 4,3 Netgear Knowledge Base
.
VPN Router Support, Interface Demos,and Marketing Pages:
.
SRX5308 S M - FVS336G S I I M - FVS318G S M - FVS318N S M - FVS338 S I I M - SRXN3205 S M -
VPNG01/5L S M - FVS318 S I I M - DGFV338B S I M - FVG318 S I I M - SSL312 S I M - FVX538 S I I
.
FVS114 - FVS124G - FVS328 - FVL328 - FWG114P - GPL Firmware Code - MyOpenRouter - VPNC Docs
.
Click Here for my VPN Client and Mode Config VPN Client Tutorials
.
ProSecure STM/UTM Appliance User Forum - Prosecure Marketing Website
.
.
Good Luck...ADIT

FYI - I am a Reseller and not employed by Netgear
Reply With Quote
  #3  
Old January 17th, 2008, 09:13 AM
cez77 cez77 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jan 2008
Posts: 2
cez77 is on a distinguished road
Default Re: FVS338 - DNS over VPN?

Quote:
Don't use the router as a DNS Proxy. Check the settings on this. Check ipconfig/all from the command line on one of the remote PC's . Make sure the DNS server is the DC.

The remote PC's need to have the DC as their DNS server. The DHCP server in the 338 can handle it, or you can set the DNS server static in the adapter settings of the remote PC.
Thank you for the reply. But I tried unchecking the DNS Proxy setting and neither using DHCP to serve the DNS server nor specifying it manually seemed to work. Is there anything else that could be interfering here?
Reply With Quote
  #4  
Old January 17th, 2008, 10:29 AM
adit's Avatar
adit adit is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: USA
Posts: 5,238
adit is on a distinguished road
Default Re: FVS338 - DNS over VPN?

Windows and other software-based firewalls (McAfee, Norton, ZoneAlarm, etc.) will block the ability to join a Domain.
__________________
.
Forum Rules - Post Screenshots on ImageShack for Free - Firmware Upgrade Procedure
.
Online Subnet Calculator - LAN Subnets NOT to Use - SA Lifetime Guidelines - Hex/IP Converter
.
Free Netgear Support Online Trouble Ticket Submissions 1-888-NETGEAR 4,3 Netgear Knowledge Base
.
VPN Router Support, Interface Demos,and Marketing Pages:
.
SRX5308 S M - FVS336G S I I M - FVS318G S M - FVS318N S M - FVS338 S I I M - SRXN3205 S M -
VPNG01/5L S M - FVS318 S I I M - DGFV338B S I M - FVG318 S I I M - SSL312 S I M - FVX538 S I I
.
FVS114 - FVS124G - FVS328 - FVL328 - FWG114P - GPL Firmware Code - MyOpenRouter - VPNC Docs
.
Click Here for my VPN Client and Mode Config VPN Client Tutorials
.
ProSecure STM/UTM Appliance User Forum - Prosecure Marketing Website
.
.
Good Luck...ADIT

FYI - I am a Reseller and not employed by Netgear
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 12:23 AM.