Question

MUVPN Users are unable to log on.

Asked by: montekane

Having trouble setting up muvpn users on our new Watchguard Firebox.  I have tried contacting Watchguard tech support but they never seem to call me during an appropriate time.  Any help would be appreciated.  Here is what I have done so far.

Step 1:  I first setup the Authentication Server.  I am using Active Directory for authentication.  My settings are as follows:
IP Address:  100.100.100.5 (Domain controller)
Port: 389
Search Base: ou=SBSUsers,ou=Users,ou=MyBusiness,dc=miamicpas,dc=local (This is the active directory ou where all the users reside on the domain controller, SBS 2003)
Group string: memberOf
DN: blank
Password: blank
Login Attribute: sMAccountName
DeadTime: 10 minutes

Step 2:   I created a mobile user vpn group. Under VPN, Remote Users.  These are the settings that I created.
Group name is: SBSUsers
Authentication Server: Active Directory
Allowed Access: 100.100.100.0/24 (IP Scheme of internal network)
Virtual IP Address Pool: 100.100.100.125 - 100.100.100.130 (Reserved address pool for vpn users on DC)
IPSEC Settings:
Key Negotiation Type: pre-shared key
Key Exp: 128000KB or 8 hours
Encr: AES (256 bit)
Auth: SHA1

At this point the mobile user vpn policy is automatically created allowing all ports open for this specific user group.  I went ahead and exported the profile to a laptop which had the muvpn software installed.  Imported the profile which was successful and tried logging on using an aircard.  I keep getting the error IKE Error phase 1, lost connection to peer.  This is where I am stuck.

I apologize for the long message, but I wanted to give all the details possible.  I hope someone can help.

Thanks,
Angel
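
An added example, not part of the original thread: a sketch of the directory lookup implied by the Step 1 and Step 2 settings, assuming the appliance does a standard LDAP search (search base plus a login-attribute filter) and then compares the Group String attribute against the VPN group name. The directory entries and the `Security Groups` OU are constructed, and the helper names are hypothetical.

```python
import re

# Values taken from Step 1 and Step 2 of the question.
SEARCH_BASE = "ou=SBSUsers,ou=Users,ou=MyBusiness,dc=miamicpas,dc=local"
GROUP_STRING = "memberOf"
VPN_GROUP = "SBSUsers"
LOGIN_ATTR = "sAMAccountName"  # AD logon-name attribute (typed "sMAccountName" in the post)

def user_filter(username, login_attr=LOGIN_ATTR):
    """Build the user search filter, escaping specials per RFC 4515."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in username)
    return "(%s=%s)" % (login_attr, esc)

def leading_cn(dn):
    """Return the CN of a DN's first RDN, or None if it is not a CN."""
    m = re.match(r"\s*cn=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip() if m else None

def under_base(entry_dn, base=SEARCH_BASE):
    """True if entry_dn sits at or below base (simple DNs, no escaped commas)."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    e, b = norm(entry_dn), norm(base)
    return e == b or e.endswith("," + b)

def authorize(entry, vpn_group=VPN_GROUP):
    """Assumed check: user found under the base AND in a group named vpn_group."""
    groups = {(leading_cn(g) or "").lower() for g in entry.get(GROUP_STRING, [])}
    return under_base(entry["dn"]) and vpn_group.lower() in groups

# Constructed directory entries (not from the original thread).
IN_GROUP = {
    "dn": "CN=mkane,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=miamicpas,DC=local",
    "memberOf": ["CN=SBSUsers,OU=Security Groups,OU=MyBusiness,DC=miamicpas,DC=local"],
}
OU_ONLY = {  # lives in the SBSUsers OU but belongs to no group of that name
    "dn": "CN=jdoe,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=miamicpas,DC=local",
    "memberOf": ["CN=Staff,OU=Security Groups,OU=MyBusiness,DC=miamicpas,DC=local"],
}

if __name__ == "__main__":
    print(user_filter("mkane"))
    for e in (IN_GROUP, OU_ONLY):
        print(e["dn"].split(",")[0], "->", "allow" if authorize(e) else "deny")
```

Under these assumptions, sitting in an OU named SBSUsers is not the same as belonging to a group named SBSUsers, which is why the second constructed entry is denied.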

This question has been solved and asker verified.
Asked on: 2008-06-18 at 06:47:16, ID 23495160
Tags: WatchGuard, Firebox, X550e, Fireware v9.1
Topics: Watchguard Firewall, Virtual Private Networking (VPN)
Participating experts: 2
Points: 250
Comments: 7


Answers

 

by: dpk_wal, posted on 2008-06-18 at 21:36:57, ID: 21819268

Can you update if you tried connecting from behind WG itself or from another internet connection; from behind WG you would not be able to connect using MUVPN.

Also, can you post some logs from traffic monitor or client which would give some details as to what exactly failed in VPN negotiations.

Thank you.

 

by: sam99my, posted on 2008-06-18 at 21:45:29, ID: 21819308

Before you install the client software, make sure the computer does not have any other IPSec mobile user VPN client software installed, and make sure the WG network adapters are not disabled (WatchGuard Secure Client Virtual NDIS6 Adapter).

Getting a phase 1 error is normally because the firewall is not listening for VPN traffic, or your VPN traffic is blocked by something else, such as Windows Firewall or any other firewall installed on your computer, or the gateway firewall; make sure all of them allow outgoing VPN traffic.

Try checking the profile settings to see whether the VPN gateway IP you are trying to connect to is correct.

Try checking traffic monitor to see what the status is when you connect; you can go to Policy Manager > Setup > Logging > Advanced Diagnostics > VPN > IKE, set it to level high, and enable "Display diagnostics messages in traffic monitor" at the bottom.

 

by: montekane, posted on 2008-06-19 at 06:03:21, ID: 21821697

Okay, I think I made some progress but not much.  I removed the other vpn software I had installed (Sonicwall), I then turned on the logging for the vpn ike connectivity.   Tried logging on from the laptop which is using an aircard that is outside of the internal network.  I'm getting a different error with the client software now, it is VPN Error - Lost contact to VPN Gateway.  I made sure there is no firewall on the client laptop.  Attached please see the log for the vpn traffic.  It shows the user mkane successfully logs on, it also shows that it connects to AD correctly because it's picking up the user's credentials.  At some point it states that it is deleting the tunnel to peer (ip address).

Any ideas?

Thanks,
Angel

 

by: dpk_wal, posted on 2008-06-19 at 07:28:24, ID: 21822439

There is no reason specified in the logs why firebox closed the session; can you delete the user; re-configure user on firebox and then use the new .wgx file and try if that changes anything.

Thank you.

 

by: montekane, posted on 2008-06-19 at 07:37:51, ID: 21822549

The authentication is done through Active Directory.  There is no specific user created on the firebox.  If you mean re-create the group that is setup for vpn connection, I have already tried doing that several times.

 

by: sam99my, posted on 2008-06-19 at 08:31:03, ID: 21823195

What version of the muvpn client are you using now? 7 or 10? Maybe you can show the log on the muvpn software site.

 

by: montekane, posted on 2008-06-19 at 08:58:06, ID: 21823525

Okay.  I got it to work!  I followed sam99my's advice and I did the following.

Step 1:  Removed any other vpn software currently installed on the client laptop.
Step 2:  Double checked that the client firewall was either disabled or had the proper rules for ipsec
Step 3:  Turned on logging for the WatchGuard Firebox in the corporate office, this was able to at least tell me there was no problem with authentication, the problem was with the actual connection.
Step 4:  Viewed the logs for the muvpn software and noticed what the problem was, DHCP request failed.
Step 5:  Checked the profile settings, IP Address assignment, and noticed that the Private IP Address assignment was set to DHCP over IPSec.  I changed it to local IP address and it worked from there.

Once I connected the virtual adapter picked an ip address from the pool of ip's that I setup on the firebox.  After that I was unable to browse the network via DNS but I was successful using ip addresses.  I disconnected, went into the profile settings and manually setup the DNS server address and the WINS server address.  Connected and I was browsing 100%.

Sorry about the long answer, I was descriptive just in case someone had the same problem.

Thanks for all your help!

Angel
