Client Cannot Browse Internet While Connected

[BWenson]

I have a handful of users, all using DSL, who once they connect to the Gateway using SecureClient(NG R56 Build 311) with Office Mode, they cannot browse the Internet.

They can ping a server by address, but not by name. Obviously some kind of DNS problem.

They are using Office Mode because we have a 192.168.1.x network internally.

The problem may be specific to Westell Versalink 327W modems. Haven't confirmed all but I know at least two users use them.

The Versalink is giving out a 192.168.1.x address.

Any suggestions?

[Lackie]

I don't think it's a problem with the modem or with the IP address that it's giving out. That's what Office mode is used for and from the sounds of it you can connect to your Internal network without a problem.

Are you using a desktop policy that the client downloads? It may be blocking DNS or traffic to the DNS servers that the customer has set on their client.

Do you have SecuRemote DNS configured? This is used if you want the client to use your internal DNS servers when they are connected. If you do have it set to use this, the client may be having difficulty getting to them.

[BWenson]

Quote:

Originally Posted by Lackie

I don't think it's a problem with the modem or with the IP address that it's giving out. That's what Office mode is used for and from the sounds of it you can connect to your Internal network without a problem.

Are you using a desktop policy that the client downloads? It may be blocking DNS or traffic to the DNS servers that the customer has set on their client.

Do you have SecuRemote DNS configured? This is used if you want the client to use your internal DNS servers when they are connected. If you do have it set to use this, the client may be having difficulty getting to them.

I'm kinda a noob on this stuff. I believe that DNS is configured but I'm not sure how to change it. It's definitely some type of DNS thing where the client can't resolve names. Just not sure how to fix it.

[Lackie]

I'm presuming that you have a desktop policy that the client downloads... what kind of outbound rules do you have for the client? Do you have one that allows DNS out from the client?

[alienbaby]

Sounds like a desktop policy issue.

Be sure to have Log turned on for all the Desktop Policies. Alert, if you want a copy for your management server.

[BWenson]

I'm sure it's a desktop policy issue like you all said. I can ping Internet IP addresses but names are not being resolved.

In my policy rules, I have DNS allowed to our internal DNS server from the VPNUsers group. But I'm guessing that our internal DNS server is not the location the client is sending DNS requests.

What type of rule do I need to allow DNS access outside of our network? Or am I off track?

[Lackie]

Put in a rule that looks similar to the following...

Source > Destination > Service > Action
usergroup@any > Any > DNS > Accept

That should allow DNS out from your client when they are connected.

[alienbaby]

And be sure the remove the SecuRemote DNS object if you have created it. DNS should only be configured in the Office Mode section of the gateway in use.