Can't access new domain through Securemote

[whennessey]

Hi;

My company recently added a new domain and we have appended the dns on tcp/ip and while connected to the company LAN we can get to the new domain sites (.com and also OWA HTTPS:) but when not connected directly to LAN (external wireless, Broadband, etc.) we get a cannot find server or DNS error in internet explorer. If I uncheck the Securemote protocol or turn off the Checkpoint Securemote service I can access them fine. Is this needing DNS entries for the domain on the VPN/Firewall server??

Any help is greatly appreciated.
Bill

[MarioL]

I'd advise you to test further.

Try doing just name resolution on the Client PC, check if DNS works. I'm guessing it actually works, but routing is the problem.

If DNS works, then check how routing for the IPs used would work with SecuRemote, it might be that if you really are on the lan the routing is fine, but, if you come via the VPN it has problems. Office mode should give you the same results as from the LAN.

You could also alternatively use NAT hide on inbound SecuRemote connections, but that isn't "as clean".

[mcnallym]

I presume that you mean when coming in via VPN when you say not connected to the LAN but external wireless/broadband and that is the SecuRemote/Secure Client connecting in.

Is the new domain included in the encrypton domain by IP address, also if using Office Mode then only looks at one dns domain, ie

*.mydomain.com

This allows

hq.mydomain.com
branch1.mydomain.com
branch2.mydomain.com

etc

but not

*.mydomain.com
*.mydomain2.com

etc

You can however use SecuRemote DNS Servers for multiple DNS Domains to get around this.

Hope this is clear

[Danielpb]

As mcnallym says at the end, I've used the Secure Remote DNS servers, but all comms had to be done by the fully qualified domain name...


i.e Server1.uk.inet

not just Server1

[Routerkid1]

Go to Policy >Global Properties >Remote Access >Vpn Advanced and set the SR/SC behavior while disconnected to sent in the clear.