
Name Resolution for Mobile VPN with SSL

The goal of a mobile VPN connection is to allow a user to connect to network resources as if they were connected locally. With a local network connection, NetBIOS traffic on the network allows you to connect to devices using the device name. It is not necessary to know the IP address of each network device. However, Mobile VPN tunnels cannot pass broadcast traffic, and NetBIOS relies on broadcast traffic to operate correctly. An alternative method for name resolution must be used.

Methods of Name Resolution Through a Mobile VPN with SSL Connection

You must choose one of these two methods for name resolution:

WINS/DNS (Windows Internet Name Service/Domain Name System)

A WINS server holds a database of NetBIOS name-to-IP-address mappings for the local network. DNS works in a similar way. If your domain uses only Active Directory, you must use DNS for name resolution.

LMHOSTS file

An LMHOSTS file is a manually created file that you install on all computers with Mobile VPN with SSL installed. The file contains a list of resource names and their associated IP addresses.

Select the Best Method for Your Network

Because of the limited administration requirements and current information it provides, WINS/DNS is the preferred solution for name resolution through a Mobile VPN tunnel. The WINS server constantly listens to the local network and updates its information. If a resource changes its IP address or a new resource is added, nothing on the SSL client must be changed. When the client tries to get access to a resource by name, a request is sent to the WINS/DNS servers and the most current information is given.

If you do not already have a WINS server, the LMHOSTS file is a fast way to provide name resolution to Mobile VPN with SSL clients. Unfortunately, it is a static file and you must edit it manually any time there is a change. Also, the resource name/IP address pairs in the LMHOSTS file are applied to all network connections, not only the Mobile VPN with SSL connection.

Configure WINS or DNS for Name Resolution

Each network is unique in the resources available and the skills of the administrators. The best resource to learn how to configure a WINS server is the documentation for your server, such as the Microsoft web site. When you configure your WINS or DNS server, note that:

Add WINS and DNS Servers to a Mobile VPN with SSL Configuration

  1. Select VPN > Mobile VPN > SSL.
  2. Select the Advanced tab.
  3. Type the primary and secondary addresses for the WINS and DNS servers. You can also type a domain suffix in the Domain Name text box for a client to use with unqualified domain names.
  4. Click OK.
  5. Save the Configuration File.
  6. The next time an SSL client computer authenticates to the Firebox or XTM device, the new settings are applied to the connection.

Configure an LMHOSTS File to Provide Name Resolution

When you use an LMHOSTS file to get name resolution for your Mobile VPN clients, no changes to the Firebox or XTM device or the Mobile VPN client software are necessary. Basic instructions to help you create an LMHOSTS file are shown below. For more information on LMHOSTS files, refer to http://support.microsoft.com/kb/q150800/.

Edit an LMHOSTS File

  1. Look for an LMHOSTS file on the Mobile VPN client computer. The LMHOSTS file (sometimes named lmhosts.sam) is usually located in:
    C:\WINDOWS\system32\drivers\etc
  2. If you find an LMHOSTS file in that location, open it with a text editor like Notepad. If you cannot find an LMHOSTS file, create a new file in a text editor.
  3. To create an entry in the LMHOSTS file, type the IP address of a network resource, five spaces, and then the name of the resource. The resource name must be 15 characters or less. It should look like this:
    192.168.42.252     server_name
  4. If you started with an older LMHOSTS file, save the file with its original name. If you created a new file in Notepad, save it with the name lmhosts in the C:\WINDOWS\system32\drivers\etc directory. You must also choose the type "All Files" in the Save dialog box, or Notepad appends ".txt" to the file name.
  5. Reboot the SSL client computer for the LMHOSTS file to become active.
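
Because LMHOSTS entries apply to every network connection on the client, a mistyped or conflicting entry misdirects traffic even when the VPN is not connected. The script below is an added example, not WatchGuard code: it checks an LMHOSTS file against the rules in the procedure above before you distribute it. The function name and the sample entries (other than 192.168.42.252 server_name) are constructed for illustration, and quoted names that contain spaces are not handled.

```python
import ipaddress

MAX_NAME_LEN = 15  # name limit given in step 3 of the procedure


def lint_lmhosts(text):
    """Return (entries, problems): {NAME: ip} and [(line number, message)]."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or whole-line directive (#INCLUDE ...)
        fields = line.split()
        ip = fields[0]
        name = fields[1] if len(fields) > 1 else ""
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((lineno, f"invalid IPv4 address: {ip!r}"))
            continue
        if not name or name.startswith("#"):
            problems.append((lineno, "missing resource name"))
            continue
        if len(name) > MAX_NAME_LEN:
            problems.append((lineno, f"name longer than {MAX_NAME_LEN} characters: {name!r}"))
            continue
        key = name.upper()  # NetBIOS names are not case-sensitive
        if key in entries and entries[key] != ip:
            problems.append((lineno, f"{name!r} already mapped to {entries[key]}"))
            continue
        entries[key] = ip
    return entries, problems


# Constructed sample file; only the first entry comes from the page.
SAMPLE = """\
# Mobile VPN with SSL name mappings
192.168.42.252     server_name
192.168.42.300     printer01
192.168.42.10      a_very_long_server_name
192.168.42.11      SERVER_NAME   #PRE
192.168.42.12
"""

if __name__ == "__main__":
    entries, problems = lint_lmhosts(SAMPLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    print(entries)
```

Run it against the file you plan to install; any line it reports should be corrected before the file is copied to client computers.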
