Use IP Helper with Sonicwall VPN for Active Directory across the tunnel

Setting up a site to site vpn using Sonicwall devices is a great way to connect offices in different locations.  It is really helpful if you can make the connection work with Active Directory.  The problem is that even after using the sonicwall wizard to create the VPN and the tunnel is established, Active Directory does not work.  There is still a little more work to be done.

Active Directory can work over a Sonicwall VPN

Active Directory requires DNS, no ifs, ands or buts.  Without properly working DNS, you will never be able to establish communications between clients and the server.  Sonicwall by default sets up very secure connections.  Part of that security is that things like DNS and DHCP are not allowed to traverse the firewalls unless they are told to do so.  Even with a properly configured VPN that has firewall rules that allow all traffic between sites.

This is where most people get thrown.  It’s happened to me a number of times.  Hence the article.

IP Helper is the key

Sonicwall has a solution to this problem.  It’s called IP Helper and it is located in the networking section of the web interface.  Once you get there, simply turn IP Helper on and select the services from the list that you need.  For Active Directory, you will need a minimum of DNS,  I turn andthem all on because If any of these services (like DHCP or NETBIOS) are needed in the future, I won’t have to remember to reconfigure the router to make them work.

Just two things to remember.  First, you must do this on both ends.  Second, you will have to bring the tunnel down and then back up for the changes to take effect.  Once you have IP Helper doing it’s thing, AD will work like a charm!

Comments are closed.