SSL VPN, Host Name Resolution and unidentified network
Hi,
I succesful do an SSL VPN. From the External PC I access to all the Site Network but I have two problem to fix about the host resolution in both ways.
1) in the external PC Windows explorer doesn't show the Site Netwrok Computers. To surfing the network shares I have to digit the IP address: No host name resolution. Windows 10 pro doesn't recognize the network: unidentified network.
2) The Site Network doesn't have acces to the External PC, ping doesn't work either.
On VPN setting I have enabled, Network Extension, NetBIOS broadcast, No IP Overlap, I setted up to get access to all LAN SUBNET. I don't have a WINS server, LAN computers are not in windows domain.
All devices have a static IP address.
One of my doubt is about the DNS value on VPN setting, I tried with Zywall address, Server address but nothing.
Any suggestion?
Thanks and best regards
0
All Replies
-
As my experience, for no host name resolution, just create the PTR record on DNS page.(FQDP with IP), and select Zywall as DNS server on SSL vpn page.
Also, select subnet which can be accessed by vpn client on network list.
0 -
Thanks for your reply. I Tried but it doesn't work.I think it is a DNS problem because if I manually modify the windows HOSTS file it works.0
-
Environment:
- Windows Domain where the Domain Controller is also assigned as local DNS server
- Client SSL VPN to USG110 (no site-to-site VPN)
- No Full Tunnel Mode, since VPN clients shouldn't route their entire internet traffic through the tunnel to avoid blocking of company bandwith ressources
- DNS queries allowed in USG security policy from VPN zone to LAN zone
But the opposite way, resolving and accessing the VPN clients from Company LAN still doesn't work. Most probably this is available for Site-to-Site VPNs only. Normally for that case an additional route has to be set, showing the gateway for queries from LAN to VPN tunnel. But the USG should know its connected zones and route automatically by itself. Further I wouldn't be able to set a route to the same network range since reserved IP addresses from our local LAN segment will be assigned to the VPN clients. Here I need a clue.0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight