I have two 3.8 (GENERIC) IPSec VPN gateways using ISAKMP transforms for negotiation. No complicated PF rules; everything is wide open between networks.

I can access and negotiate every protocol except when I call an nslookup request from one side to a W2K3 server on the other. I receive timeouts and "server not available". A quick telnet (ip) 53 returns a response. I can ping, tracert/traceroute, and map drives between networks. Tcpdump shows outbound domain requests from one side; tcpdump on the destination shows no domain requests coming in. No restrictions or ACL security are implemented in AD that would prevent a lookup for a local zone.

Finally, I have additional IPSec peers in the same 3.8 (GENERIC) VPN gateway that have SonicWall peers. From these links, I can run nslookups between the networks without issue.

Very strange, any ideas?

Thanks
-T