
NetBIOS / IPsec VPN

Hey guys,

At a customer we have a DNS issue. We have an S2S VPN from a location to the HQ (both Sophos UTMs). The DNS forwarder is pointing to the DCs at the HQ.

FQDN is working but not NetBIOS. There are a lot of configurations at this location where NetBIOS was used, and the clients are not domain joined. Sure, we could set up static entries, but we want to make sure that everything works properly without maintenance when IPs, servers etc. get changed.

I don't understand why it's not working. If I do a ping from this UTM with a NetBIOS name, it should forward this to the DC. If I do it with an FQDN, name resolution and ping are working.

Any idea? Thx in advance.

  • Hallo Jonas,

    As Alex said, I don't think this can be done over a classic IPsec or SSL VPN. The only way I know to do this remotely with UTM is to create a UTM-UTM RED tunnel and bridge it to the same subnet on both ends. There's a little more to it than that, but the RED tunnel is a minimum requirement.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey guys,

    Thx for your reply. We had to change the first DNS server in DHCP to the remote DC and changed the suffix to the domain name. After this it was fine, so there was no need to join the domain.

    The only thing is, I'm wondering how Lancom gets this to work out of the box. I tested it at another location where a Lancom has not been changed yet and there is no extra configuration: a simple IPsec S2S connection, DHCP in its own LAN, and the suffix is the standard "Intern" at Lancom. The forwarder for * is the remote DC.

    Regards,

    Jonas