This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Host Entry SSL VPN DFS Sharing Problem

Hi;

I have 3 DCs for domain in my network.

111.local
192.168.1.11 PDC
192.168.1.12 ADC
192.168.1.13 ADC

192.168.1.1 is a SOPHOS LAN interface ip address

Under the DNS host entry, I entered these fields with the DC server ip addresses. (Network -> DNS -> DNS host entry

I have enabled DNS checkbox in Administration-> Device access -> Local service ACL

In addition to all these settings, I 
In Remote access VPN -> SSL VPN -> SSL VPN Global Settings->IPv4 DNS section,
I entered the IPv4 DNS address in the SSL VPN settings as the sophos LAN interface ip address 192.168.1.1

There is windows DFS file sharing structure in 111.local network, 

When SSL VPN connection is established, I can resolve the 111.local domain name through the client side.
\\192.168.1.21 (DFS1)
\\192.168.1.22 (DFS2)
\\192.168.1.23 (DFS3)
When I connect as above, I can access shares on DFS nodes.

However, SSL VPN users need to access the DFS share as \\111.local\FileSahre.

Is it normal that the user on the SSL VPN side resolves DNS correctly, can reach DC servers with the 111.local domain name, but does not access the DFS share as \\111.local\FileShare or is there something I forgot somewhere?

In addition, when I enter the first DNS as 192.168.1.11 and the second DNS as 192.168.1.12 in the IPV4 DNS setting in the Remote access VPN -> SSL VPN -> SSL VPN Global Settings->IPv4 DNS section, the user on the SSL VPN side can access the DFS share as \\111.local\FileShare.

What could be the reason why the structure does not work as DNS Host Entry?



This thread was automatically locked due to age.
Parents
  • Hello  
    Thank you for reaching out to the community, can you clear the cache and verify with ipconfig /flushdns. A PCAP will help us investigate further if there is a glitch from the internal DNS server, in the following scenario XG will forward the DNS request to the internal DNS server for processing. Can also you verify if there is any increase in Dropped or Error packets on the XG interface where the DNS server is located? - watch ifconfig Port<no>

    > DNS Route practice
    > DoS and DDoS attacks
    >
     Also check again by re-downloading the config of SSL VPN user

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    Thank you very much for your attention.

    I tried the ipconfig /flushdns command.

    There is no problem in DNS resolution of the client who makes SSL VPN.

    192.168.1.1 sophos lan interface ip address and I use the dc ip addresses that I entered in the DNS host entry, and for DNS resolution, I gave the SSL VPN global settings the ip address of our sophos LAN setting 192.168.1.1.

    \\111.local\FileShare works when I give one of the DC ip addresses 192.168.1.11-192.168.1.12 or 192.168.1.13 as DNS in SSL VPN global settings.

    But when I write the Dc ip addresses in the DNS host entry and enter the sophos LAN setting ip address as the DNS ip address in the SSL VPN global settings, DNS resolves but does not access the DFS server as \\111.local\FileShare.

Reply
  • Hello,

    Thank you very much for your attention.

    I tried the ipconfig /flushdns command.

    There is no problem in DNS resolution of the client who makes SSL VPN.

    192.168.1.1 sophos lan interface ip address and I use the dc ip addresses that I entered in the DNS host entry, and for DNS resolution, I gave the SSL VPN global settings the ip address of our sophos LAN setting 192.168.1.1.

    \\111.local\FileShare works when I give one of the DC ip addresses 192.168.1.11-192.168.1.12 or 192.168.1.13 as DNS in SSL VPN global settings.

    But when I write the Dc ip addresses in the DNS host entry and enter the sophos LAN setting ip address as the DNS ip address in the SSL VPN global settings, DNS resolves but does not access the DFS server as \\111.local\FileShare.

Children