
Site-to-site VPN - DNS request problem

Hello,

I have a UTM9 firewall and we have a site-to-site IPsec VPN connection set up with a distant site.

In Site-to-site VPN -> IPsec -> Remote Gateways, all the networks & servers are set correctly, including our distant DNS server (all servers here should be reachable through dev.example.com).
In Site-to-site VPN -> IPsec -> Connections, the connection is enabled and we have our SNAT address host set in Local Networks.

In Network Protection -> NAT, we have an SNAT rule set so that for anybody trying to access one of the networks set in the remote gateway of this IPsec tunnel, the source IP is translated to the SNAT address host set in IPsec -> Connections.

What we want to achieve: instead of using IP to reach distant servers, we want everybody to be able to join the servers through the domain dev.example.com.

It works if we set a static host entry in Network Definitions and add the domain in the DNS settings: we can then access our server.
This would be good enough if we only had a few entries.
The problem is that we have hundreds of branches created (all pointing to the same server IP), so we can't add the hostnames manually each time (even less so since those branches' URLs are generated with a random string).
Example: a.b.dev.example.com, b.c.dev.example.com, etc.

We have a distant DNS server on the distant site that should be able to resolve the DNS requests for dev.example.com; the problem is that it doesn't work.
We tried DNS -> Request Routing with the distant DNS server set as the target; it doesn't work.
We tried setting the distant DNS server in DNS -> Forwarders; it also doesn't work.

We don't have a DC/AD on our internal network, so we want to rely on the UTM to resolve those DNS requests over the site-to-site VPN (or to delegate the DNS requests for this domain to the distant DNS server that is reachable through the VPN).

Is it possible?

Best,

Ely

  • Hello Ely,

    Can you show us a screenshot of how you set up DNS request routing? This works very well for us at several customer sites, so there must be a problem with your config.

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Additional question: do you have the network(s) you are querying FROM in your "Allowed networks" list under DNS -> Global?


  • Thank you so much for offering your help, Philipp!

    Here is a screenshot of the DNS request routing entry for a.dev.example.com (changed for privacy reasons).
    The target server is set as a host with the IP address of the distant DNS server (which is reachable through the VPN).

    If we set a static entry, it works.

    Also, for your additional question: the SNAT address host we use in our SNAT rule is also in the allowed networks under DNS -> General.
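    Added illustration (not from the thread, not Sophos UTM code) of how a conditional forwarder such as UTM's request routing decides where a query goes, plus a minimal DNS query builder and answer parser so the selection can be exercised offline. It assumes the usual conditional-forwarder rule that a routing entry is matched by domain suffix on label boundaries, so an entry for dev.example.com covers a.b.dev.example.com as well, while an entry keyed on a single hostname covers only that name and names beneath it. The addresses 10.99.0.53 and 9.9.9.9, the routing table, and the reply in constructed_response are made up for the example.

```python
"""Conditional DNS forwarding ("request routing") chosen by domain suffix.

Added example, not code from the forum thread or from Sophos UTM. The
suffix-matching rule, the forwarder addresses and the sample reply below
are assumptions made for illustration.
"""
import random
import socket
import struct
from typing import Dict, List, Optional

# Constructed request-routing table: domain -> DNS server reachable over the VPN.
# 10.99.0.53 is an invented address standing in for the remote site's DNS server.
REQUEST_ROUTING: Dict[str, str] = {
    "dev.example.com": "10.99.0.53",
}
DEFAULT_FORWARDER = "9.9.9.9"  # placeholder for whatever handles all other names


def _labels(name: str) -> List[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def choose_forwarder(qname: str, table: Dict[str, str], default: str) -> str:
    """Return the forwarder for qname; the longest matching domain suffix wins.

    Matching is done on whole labels, so "notdev.example.com" does not match a
    routing entry for "dev.example.com", and an entry keyed on the hostname
    "a.dev.example.com" does not match a sibling such as "b.c.dev.example.com".
    """
    q = _labels(qname)
    best, best_len = default, -1
    for domain, server in table.items():
        d = _labels(domain)
        if len(d) <= len(q) and q[-len(d):] == d and len(d) > best_len:
            best, best_len = server, len(d)
    return best


def build_query(qname: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Encode a minimal recursive DNS query (RFC 1035); qtype 1 = A, 28 = AAAA."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname_wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in _labels(qname))
    return header + qname_wire + b"\x00" + struct.pack("!HH", qtype, 1)


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a wire-format name, which may end in a compression pointer."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            return off + 2
        off += 1 + length


def parse_answer_ips(resp: bytes) -> List[str]:
    """Return the IPv4 addresses from the answer section of a DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", resp, 0)
    if flags & 0x000F:  # non-zero RCODE (NXDOMAIN, REFUSED, ...): no usable answer
        return []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", resp, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return ips


def constructed_response(query: bytes, ip: str) -> bytes:
    """Constructed reply for offline testing: echoes the question and adds one A
    record whose owner name is a compression pointer to the question name."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer


def resolve_via_routing(qname: str, table: Dict[str, str] = REQUEST_ROUTING,
                        default: str = DEFAULT_FORWARDER, timeout: float = 2.0):
    """Send the query to the forwarder chosen for qname over UDP/53 (needs network)."""
    server = choose_forwarder(qname, table, default)
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        resp, _ = sock.recvfrom(4096)
    if resp[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return server, parse_answer_ips(resp)


if __name__ == "__main__":
    for name in ("a.b.dev.example.com", "notdev.example.com"):
        print(name, "->", choose_forwarder(name, REQUEST_ROUTING, DEFAULT_FORWARDER))
```

    Run stand-alone it only prints which forwarder each sample name would be sent to; resolve_via_routing is there for a real check from a host that can actually reach the remote DNS server over the tunnel, and it raises if the reply's transaction id does not match the query.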


  • What happens when you go to "Support/Tools/DNS Lookup" with DNS request routing in place AND use one of the hostnames at the remote site?


  • These screenshots are rather senseless.

    If you want, PM me with the "real screenshots".


  • Thank you Philipp, I sent you a friend request!

    Best,

    Ely