Configure DNS and WINS Servers for Mobile VPN with L2TP

In Fireware v12.2.1 or higher, for DNS and WINS resolution on Mobile VPN with L2TP clients, you can choose to:

  • Assign or not assign the Network (global) DNS servers to mobile clients
  • Assign DNS servers specified in the Mobile VPN with L2TP configuration to mobile clients

For more information about how DNS is used for lookups over a mobile VPN connection, see DNS and Mobile VPNs.

DNS forwarding is not supported for mobile VPN clients.

If you change the DNS server IP address, clients must disconnect and then reconnect to receive the new IP address.

In Fireware v12.2 or lower, Mobile VPN with L2TP clients automatically inherit DNS servers from the Network (global) DNS/WINS settings on your Firebox. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list. WINS servers and the domain name suffix are not inherited. For information about the Network DNS/WINS settings, see Configure Network DNS and WINS Servers.

Use the Network DNS/WINS Settings

In the Mobile VPN with L2TP configuration, you can specify that mobile clients should use the Network (global) DNS servers configured on your Firebox.

When you select this option, mobile clients receive the DNS servers you specify at Network > Interfaces > DNS/WINS. For example, if you specify the DNS server 10.0.2.53 in the Network DNS/WINS settings, mobile VPN clients use 10.0.2.53 as a DNS server.

For mobile users to resolve internal domain names on your network, specify an internal DNS server first in the list. If you specify only a public DNS server, mobile users can resolve public domain names, but not internal domain names.

Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list.

Do Not Assign DNS or WINS Settings to Mobile VPN Clients

When you select the Do not assign DNS or WINS settings to mobile clients option, Mobile VPN with L2TP clients do not receive any DNS settings from the Firebox.

Use the DNS and WINS Settings in the Mobile VPN Configuration

You can specify that mobile clients should use the DNS settings in the Mobile VPN with L2TP configuration.

When you select the Assign these settings to mobile clients option, mobile clients use the DNS servers you specify in the Mobile VPN with L2TP configuration. For example, if you specify example.com as the domain name and 10.0.2.53 as the DNS server, mobile clients use example.com for unqualified domain names and 10.0.2.53 as the DNS server.

When you select this option, mobile clients do not use the servers specified in the Network DNS/WINS settings on the Firebox. For example, if you only specify a DNS server in the Mobile VPN with IPSec configuration, clients only receive that DNS server. If a WINS server and domain name are configured in the Network DNS settings, clients do not receive those settings.

You can specify one domain name, up to two DNS server IP addresses, and up to two WINS server IP addresses.

For L2TP Mobile VPN clients, the Domain Name specified in the network DNS settings on the Firebox is not used as a domain name suffix. You can manually assign the DNS servers your PC uses for an L2TP VPN client connection, and specify the DNS suffix the client computer uses to resolve host names when it is connected to the VPN. For more information, see the Knowledge Base article, Configure DNS settings for L2TP VPN clients.
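The following client-side check is an added example, not part of the WatchGuard documentation or the Knowledge Base article. It reads the DNS servers a connected Windows L2TP client actually received, tests an internal lookup against each expected server, and sets the DNS suffix on the connection if it is missing. The connection name and internal host name are hypothetical placeholders; 10.0.2.53 and example.com are the example values used on this page, and a per-user VPN connection is assumed.

```powershell
# Added example: verify DNS settings on a Windows L2TP client connection.
# Assumptions: 'Firebox L2TP' and 'intranet.example.com' are hypothetical
# placeholders; the VPN connection is a per-user connection.
param(
    [string]$ConnectionName = 'Firebox L2TP',         # hypothetical connection name
    [string[]]$ExpectedDns  = @('10.0.2.53'),          # DNS server from the page's example
    [string]$DnsSuffix      = 'example.com',           # domain name from the page's example
    [string]$InternalHost   = 'intranet.example.com'   # hypothetical internal name
)

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
if ($vpn.ConnectionStatus -ne 'Connected') {
    throw "'$ConnectionName' is not connected. Clients receive changed DNS servers only after they reconnect."
}

# The connected VPN adapter is addressed by the connection name.
$assigned = @((Get-DnsClientServerAddress -InterfaceAlias $ConnectionName -AddressFamily IPv4).ServerAddresses)
Write-Output "DNS servers on '$ConnectionName': $($assigned -join ', ')"

if ($assigned.Count -eq 0) {
    # Expected when 'Do not assign DNS or WINS settings to mobile clients' is selected.
    Write-Warning 'No DNS servers were assigned to the VPN adapter.'
} elseif ($assigned[0] -ne $ExpectedDns[0]) {
    # Internal names resolve only if an internal DNS server is listed first.
    Write-Warning "First DNS server is $($assigned[0]); expected $($ExpectedDns[0])."
}

foreach ($server in $ExpectedDns) {
    if ($assigned -notcontains $server) {
        Write-Warning "Expected DNS server $server was not assigned."
        continue
    }
    try {
        # Query the assigned server directly for an internal name.
        Resolve-DnsName -Name $InternalHost -Server $server -Type A -DnsOnly -ErrorAction Stop |
            Select-Object Name, IPAddress
    } catch {
        Write-Warning "$server did not resolve ${InternalHost}: $($_.Exception.Message)"
    }
}

# The Domain Name in the Firebox Network DNS settings is not used as a suffix
# for L2TP clients, so set the suffix on the client connection if it is missing.
if ($vpn.DnsSuffix -ne $DnsSuffix) {
    Set-VpnConnection -Name $ConnectionName -DnsSuffix $DnsSuffix
    Write-Output "DNS suffix set to '$DnsSuffix'. Disconnect and reconnect before testing unqualified names."
}
```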
