Configure DNS and WINS Servers for Mobile VPN with IPSec

In Fireware v12.2.1 or higher, for DNS and WINS resolution on Mobile VPN with IPSec clients, you can select to:

  • Assign or not assign the Network (global) DNS/WINS settings to mobile clients
  • Assign DNS and WINS settings specified in the Mobile VPN with IPSec configuration to mobile clients

For more information about how DNS is used for lookups over a mobile VPN connection, go to DNS and Mobile VPNs.

DNS forwarding is not supported for mobile VPN clients.

In Fireware v12.2 or lower, Mobile VPN with IPSec clients automatically inherit DNS and WINS servers from the Network (global) DNS/WINS settings on your Firebox. Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list. For information about the Network DNS/WINS settings, go to Configure Network DNS and WINS Servers.

Use the Network DNS/WINS Settings

In the Mobile VPN with IPSec configuration, you can specify that mobile clients should use the Network (global) DNS/WINS settings on your Firebox.

When you select this option, mobile clients receive the DNS and WINS settings you specify at Network > Interfaces > DNS/WINS. For example, if you specify the DNS server 10.0.2.53 in the Network DNS/WINS settings, mobile VPN clients use 10.0.2.53 as a DNS server.

For mobile users to resolve internal domain names on your network, specify an internal DNS server first in the list. If you specify only a public DNS server, mobile users can resolve public domain names, but not internal domain names.

Although you can specify up to three Network DNS servers, mobile VPN clients use only the first two in the list.

For IPSec Mobile VPN clients, the domain name specified in the Network DNS settings on the Firebox is not used as a domain name suffix. You can specify a DNS domain name suffix in the VPN client. For more information, go to Configure DNS in the WatchGuard IPSec Mobile VPN client.

  1. Select Network > Interfaces.
    The Interfaces configuration page appears.

Screen shot of the Network DNS/WINS settings

  1. Select the DNS/WINS tab.
  2. In the DNS Server or WINS Server text boxes, type the primary and secondary address for each DNS or WINS server.
  3. Click Add.
  4. (Optional) Repeat Steps 3–4 to specify up to three DNS servers.
  5. Click Save.
  6. (Fireware v12.3 or higher) Select VPN > Mobile VPN.
  7. In the IPSec section, select Configure.
    The Mobile VPN with IPSec page appears.
  8. (Fireware v12.2.1 or lower) Select VPN > Mobile VPN with IPSec.
    The Mobile VPN with IPSec page appears.
  9. From the Groups list, select a group and click Edit.
    The Mobile User VPN with IPSec Settings page appears.
  10. Select the Advanced tab.
  11. In the DNS Settings section, select Assign the Network DNS/WINS Server settings to mobile clients.
  12. Click Save.
    The Mobile VPN with IPSec page appears.
  13. Click Save.
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Select the WINS/DNS tab.
    The information on the WINS/DNS tab appears.

Screen shot of the WINS/DNS settings

  1. In the DNS Servers text box, type the IPv4 or IPv6 address for each DNS server.
  2. Click Add.
  3. (Optional) Repeat Steps 3–4 to specify up to three DNS servers.
  4. In the WINS Servers text boxes, type the primary and secondary IPv4 address of the WINS servers.
  5. Click OK.
  6. Select VPN > Mobile VPN > IPSec.
    The Mobile VPN with IPSec page appears.
  7. From the Groups list, select a group and click Edit.
    The Mobile User VPN with IPSec Settings page appears.
  8. Select the Advanced tab.
  9. In the DNS Settings section, select Assign the Network DNS/WINS Server settings to mobile clients.
  10. Click OK.
    The Mobile VPN with IPSec page appears.
  11. Click OK.

Do Not Assign DNS or WINS Settings to Mobile VPN Clients

When you select the Do not assign DNS or WINS settings to mobile clients option, Mobile VPN with IPSec clients do not receive any DNS or WINS settings from the Firebox.

Use the DNS and WINS Settings in the Mobile VPN Configuration

You can specify that mobile clients should use the DNS and WINS settings in the Mobile VPN with IPSec configuration.

When you select the Assign these settings to mobile clients option, mobile clients use the domain name, DNS server, and WINS server settings you specify in the Mobile VPN with IPSec configuration. For example, if you specify example.com as the domain name and 10.0.2.53 as the DNS server, mobile clients use example.com for unqualified domain names and 10.0.2.53as the DNS server.

When you select this option, mobile clients do not use the servers specified in the Network DNS/WINS settings on the Firebox. For example, if you only specify a DNS server in the Mobile VPN with IPSec configuration, clients only receive that DNS server. If a WINS server and domain name are configured in the Network DNS settings, clients do not receive those settings.

You can specify one domain name, up to two DNS server IP addresses, and up to two WINS server IP addresses.

  1. (Fireware v12.3 or higher) Select VPN > Mobile VPN.
  2. In the IPSec section, select Configure.
    The Mobile VPN with IPSec page appears.
  3. (Fireware v12.2.1 or lower) Select VPN > Mobile VPN with IPSec.
    The Mobile VPN with IPSec page appears.
  4. From the Groups list, select a group and click Edit.
    The Mobile User VPN with IPSec Settings page appears.
  5. Select the Advanced tab.

Screen shot of DNS settings for Mobile VPN with IPSec

  1. In the DNS Settings section, select Assign these settings to mobile clients.
  2. (Optional) In the Domain Name text box, type the domain name for your internal network.
  3. In the first DNS Servers text box, type the IP address of your primary DNS server.
  4. (Optional) In the second DNS Servers text box, type the IP address of your secondary DNS server.
  5. (Optional) In the first WINS Servers text box, type the IP address of your primary WINS server.
  6. (Optional) In the second WINS Servers text box, type the IP address of your secondary WINS server.

Screen shot of assigned DNS settings

  1. Click Save.
    The Mobile VPN with IPSec page appears.
  2. Click Save.
  1. Select VPN > Mobile VPN > IPSec.
    The Mobile VPN with IPSec page appears.
  2. From the Groups list, select a group and click Edit.
    The Edit Mobile User VPN with IPSec Settings page appears.
  3. Select the Advanced tab.

Screen shot of DNS settings for Mobile VPN with IPSec

  1. In the DNS Settings section, select Assign these settings to mobile clients.
  2. (Optional) In the Domain Name text box, type the domain name for your internal network.
  3. In the first DNS Servers text box, type the IP address of your primary DNS server.
  4. (Optional) In the second DNS Servers text box, type the IP address of your secondary DNS server.
  5. (Optional) In the first WINS Servers text box, type the IP address of your primary WINS server.
  6. (Optional) In the second WINS Servers text box, type the IP address of your secondary WINS server.

Screen shot of the assigned DNS settings

  1. Click OK.
    The Edit Mobile VPN with IPSec page appears.
  2. Click OK.

Related Topics

Mobile VPN with IPSec

Modify an Existing Mobile VPN with IPSec Group Profile