Solved

Watchguard and VPN Connection

Posted on 2004-09-01
Last Modified: 2013-11-16
I have a Watchguard Firebox 1000. All of my users can connect via VPN to the firebox but cannot browse the network. Even though I have told the firewall to authenticate to NT Server and have even gone as far as entering specific users to access the VPN (as opposed to groups), it is still the same thing. I don't think the users are authenticating to the server, just the firewall. So they can view the network, they just cannot access anything on the network.

Please help as I am about ready to throw the firewall in a DEEP lake......
Question by:Cpacifico
3 Comments
 
Expert Comment

by:ColinRoyds
ID: 11983980
If you can open Outlook online over the VPN but not browse the network or shares, then enable file and print sharing on the LAN/dial-up connection on the remote clients.

Accepted Solution

by:
fendermb4 earned 500 total points
ID: 11999164
1.) Set up a user for Firebox Authentication and ignore the NT Server authentication until you can get it working with Firebox Authentication. As a side note, NT auth doesn't really work, just ask WatchGuard support ;-) They will tell you to use RADIUS if you want to auth against a separate user DB.
2.) Try to connect with this firebox user. If you can connect, check to see the IP address you are getting when you connect. Is it on the right network? If so, disconnect and proceed to step 3.
3.) Add to your "Any" rule to allow incoming from PPTP_Users to Trusted and outgoing from Trusted to PPTP_Users.
Save the config up and try to connect again. Connected ok? Now try pinging. Is it working? If so, remove those two rules we created above and add specific rules for the traffic you want to allow in from the PPTP users. For example, if you want to allow them to use HTTP, POP3, and SMTP, you would add PPTP_Users to your rules for port 80, 110, and 25. Or, if you aren't concerned with getting that specific right away, just leave them in the any group, which effectively allows any traffic to flow between your VPN users and your trusted network.

Author Comment

by:Cpacifico
ID: 11999227
Thank you for your help.  It ended up being the ANY service was configured improperly.