SSL VPN Client DNS settings?
VPN is confusing me.
We have a TZ400 and I try to set up SSL VPN for smartphone users to access our Exchange server. Installed Sonicwall Mobile Connect on an Android phone. Configured SSL VPN on the TZ400. Now when I try to access the Exchange server, I can do so by entering the Exchange server's IP-address. But NOT when I use the Exchange server FQDN. If I use a browser to connect with the FQDN, it shows "dns_probe_finished_bad_config". So it's a DNS problem. Question is: how to resolve this?
Configuration on the TZ400:
Let's say our domain name is 'company.nl'.
TZ400 LAN IP address: 192.168.205.254
SSL VPN - Client Settings - Settings: Network Address IP V4: 192.168.205.200 - 192.168.205.249 (range)
SSL VPN - Client Settings - Client Settings: DNS Server 1: 192.168.205.101 (Windows domain controller). DNS Server 2: <ISP DNS server>
DNS Search List: company.nl
The Exchange server's FQDN: bitzer.company.nl; IP address 192.168.205.102.
As said, when I use the smartphone to browse to https://192.168.205.102 it shows the login page for OWA. But when I use https://bitzer.company.nl it shows the dns_probe_finished_bad_config. When I use that URL on my Windows pc, I get to the OWA login page. So it seems the local DNS works fine.
What am I doing wrong?
TKWITS Community Legend ✭✭✭✭✭
Are you tunneling all traffic with SSLVPN? Does your SSLVPN client config allow access to the entire subnet, or at least to the DNS servers as well? Does the user account you are logging in as have access to the same subnet / servers?
Don't use an ISP DNS server in the SSLVPN config, use only local DNS servers.
@TKWITS : thanks! You had it nailed with the DNS servers. I had the VPN connection locked down to only allow HTTPS and only connect to the Exchange server. Added another rule to allow access to a local DNS server and now things work as they should.
What's a bit awkward about DNS servers in the SSLVPN config: if you click 'Default DNS settings', it fills in the DNS servers of the WAN side.
The 'Default DNS settings' option pulls from the firewall's DNS settings set in Network \ DNS, which by default uses the configured WAN DNS servers.
Glad that helped.
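
An added example, not part of the thread and not SonicWall code: a small Python check that models the situation above, where the DNS servers pushed to VPN clients must be internal and reachable through the tunnel's allow rules. The `AllowRule` model, the function name, the placeholder ISP resolver address and the choice to require both UDP and TCP port 53 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AllowRule:
    """One VPN access rule (hypothetical model, not a SonicWall object)."""
    dest: str    # destination as CIDR, e.g. "192.168.205.102/32"
    proto: str   # "tcp" or "udp"
    port: int

def check_vpn_dns(dns_servers, internal_nets, rules):
    """Return findings for the DNS servers pushed to VPN clients."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for server in dns_servers:
        addr = ipaddress.ip_address(server)
        if not any(addr in n for n in nets):
            # The thread's advice: push only local DNS servers to VPN clients.
            findings.append(f"{server}: outside the internal networks")
            continue
        # Assumption: require UDP 53 and TCP 53 (TCP carries large answers).
        for proto in ("udp", "tcp"):
            allowed = any(r.proto == proto and r.port == 53
                          and addr in ipaddress.ip_network(r.dest)
                          for r in rules)
            if not allowed:
                findings.append(f"{server}: {proto}/53 not allowed in tunnel")
    return findings

# Constructed sample data using the addresses given in the thread.
INTERNAL = ["192.168.205.0/24"]
ISP_DNS = "203.0.113.53"  # placeholder from a documentation range
BEFORE_DNS = ["192.168.205.101", ISP_DNS]
BEFORE_RULES = [AllowRule("192.168.205.102/32", "tcp", 443)]  # HTTPS to Exchange only
AFTER_DNS = ["192.168.205.101"]
AFTER_RULES = BEFORE_RULES + [AllowRule("192.168.205.101/32", "udp", 53),
                              AllowRule("192.168.205.101/32", "tcp", 53)]

if __name__ == "__main__":
    for label, dns, rules in (("before", BEFORE_DNS, BEFORE_RULES),
                              ("after", AFTER_DNS, AFTER_RULES)):
        print(label, check_vpn_dns(dns, INTERNAL, rules) or "OK")
```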