Name Resolution for Mobile VPN with SSL

The goal of a mobile VPN connection is to allow users to connect to network resources as if they were connected locally. With a local network connection, NetBIOS traffic on the network enables you to use the device name to connect to your devices. It is not necessary to know the IP address of each network device. However, mobile VPN tunnels cannot pass broadcast traffic. Because NetBIOS relies on broadcast traffic to operate correctly, you must use an alternate method for name resolution.

Methods of Name Resolution Through a Mobile VPN with SSL Connection

You must choose one of these two methods for name resolution:

WINS/DNS (Windows Internet Name Service/Domain Name System)

A WINS server keeps a database of NetBIOS name resolution for the local network. DNS uses a similar method. If your domain uses only Active Directory, you must use DNS for name resolution.

LMHOSTS file

The LMHOSTS file is a manually created file that you install on all computers with Mobile VPN with SSL. The file contains a list of resource names and their associated IP addresses.

Select the Best Method for Your Network

Because of the limited administration requirements and current information it provides, WINS/DNS is the preferred solution for name resolution through a Mobile VPN tunnel. The WINS server constantly listens to the local network and updates its information. If the IP address of a resource changes, or a new resource is added, you do not have to change any settings on the SSL client. When the client tries to get access to a resource by name, a request is sent to the WINS/DNS servers and the most current information is given.

If you do not already have a WINS server, the LMHOSTS file is a fast way to provide name resolution to Mobile VPN with SSL clients. Unfortunately, it is a static file and you must edit it manually any time there is a change. Also, the resource name/IP address pairs in the LMHOSTS file are applied to all network connections, not only the Mobile VPN with SSL connection.

Configure DNS or WINS for Name Resolution

Each network is unique in terms of the resources available and the skills of the administrators. The best resource to help you learn how to configure a WINS server is the documentation for your server, such as the documentation found on the Microsoft website. When you configure your WINS or DNS server, note that:

  • The WINS server must be configured to be a client of itself.
  • Your Firebox must be the default gateway of the WINS and DNS servers.
  • For WINS, you must make sure that network resources do not have more than one IP address assigned to a single network interface. NetBIOS only recognizes the first IP address assigned to a NIC.

Add DNS and WINS Servers to a Mobile VPN with SSL Configuration

In Fireware v12.3, the steps to open the Mobile VPN with SSL configuration changed. In Fireware v12.2.1 or lower, select VPN > Mobile VPN with SSL. In Policy Manager v12.2.1 or lower, select VPN > Mobile VPN > SSL.

The next time an SSL client computer authenticates to the Firebox, the new settings are applied to the connection.

Configure the LMHOSTS File to Provide Name Resolution

When you use the LMHOSTS file to get name resolution for your Mobile VPN clients, no changes to the Mobile VPN client software are necessary. In Fireware v12.2 or lower, no Firebox changes are necessary.

In Fireware v12.2.1 or higher, you must configure a setting in the Mobile VPN with SSL configuration so that no DNS or WINS settings are assigned to mobile clients.

Basic instructions to help you create an LMHOSTS file are included in the next section.

Edit the LMHOSTS File

To edit the LMHOSTS file on the Mobile VPN client computer:

  1. Find the LMHOSTS file on the Mobile VPN client computer.
    The LMHOSTS file is usually located in the C:\WINDOWS\system32\drivers\etc directory.
  2. Open the LMHOSTS file with a text editor, such as Notepad.
    If you cannot find an LMHOSTS file, create a new file in a text editor.
  3. To create an entry in the LMHOSTS file, type the IP address of a network resource, five spaces, and then the name of the resource.
    The resource name must be 15 characters or less. It should look like this: 192.168.42.252     server_name
  4. If you started with an older LMHOSTS file, save the file with the original file name.
    If you created a new file, save it with the file name lmhosts in the C:\WINDOWS\system32\drivers\etc directory.
    If you used Notepad to create the new file, you must also choose the type All Files in the Save dialog box, or Notepad adds the .txt file extension to the file name.
  5. Reboot the SSL client computer for the LMHOSTS file to become active.
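
A check for the entry format described in the steps above, as an added example that is not part of the original documentation. The function name lint_lmhosts and the sample entries are constructed for illustration; the check covers plain IPv4 address and name entries and treats everything after # as a comment or keyword.

```python
import ipaddress
from pathlib import PureWindowsPath

MAX_NAME_LEN = 15  # limit stated in step 3 of the procedure

SAMPLE = """\
# constructed sample entries, not taken from the original page
192.168.42.252     server_name
192.168.42.253     fileserver01     #PRE
192.168.42.300     printer
192.168.42.10      averyveryverylongservername
192.168.42.254     SERVER_NAME
"""


def lint_lmhosts(text, filename="lmhosts"):
    """Return (line_number, message) findings; line 0 refers to the file name."""
    findings = []
    # Step 4: Notepad can add .txt to the name, so flag any extension.
    if PureWindowsPath(filename).suffix:
        findings.append((0, f"file name {filename!r} has an extension"))
    seen = {}  # upper-cased name -> (ip, line); NetBIOS names ignore case
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop comments and trailing keywords such as #PRE.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        if len(fields) != 2:
            findings.append((lineno, "expected '<IP address> <name>'"))
            continue
        ip_text, name = fields
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ipaddress.AddressValueError:
            findings.append((lineno, f"invalid IPv4 address {ip_text!r}"))
            continue
        if len(name) > MAX_NAME_LEN:
            findings.append((lineno, f"name {name!r} is longer than 15 characters"))
        key = name.upper()
        if key in seen and seen[key][0] != ip:
            findings.append((lineno, f"name {name!r} already maps to {seen[key][0]}"))
        seen.setdefault(key, (ip, lineno))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_lmhosts(SAMPLE, "lmhosts.txt"):
        print(f"line {lineno}: {message}")
```

Because LMHOSTS entries apply to all network connections, a conflicting or outdated mapping affects name resolution outside the VPN as well, so run a check like this each time the file is edited.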
