Hello all. Here’s my situation.
I’ve got an SBS 2011 Standard server in my office. As per recommended practice, the SBS server is acting as DHCP and DNS server for the local network, which is 192.168.0.x.
I also just opened up a remote office and linked the two offices via a Branch Office VPN running between WatchGuard XTM appliances at each location. The subnet of this remote office is 192.168.1.x. There is no server here, so clients need to log into the domain over the VPN to access shared folders, etc.
I set the WatchGuard at the remote office to do DHCP, and for the DNS part of the scope, specified the SBS server on the other subnet plus the two DNS servers provided by the ISP (in that order, so SBS DNS first, ISP DNS second and third).
Thing is, when I have the WatchGuard configured this way, the clients on the remote network can browse the Web but can’t log into the domain. If I remove the two ISP DNS addresses and leave only the SBS DNS, then the client logs into the domain happily.
For speed and reliability reasons I would prefer not to have all my DNS requests being done over the VPN. Rather, I would like Internet lookups on the remote network to be done via the ISP’s DNS, but I’m not sure how to configure this without breaking domain login.
Any assistance would be greatly appreciated. Thanks.
Joe