Solved

Watchguard and VPN Connection

Posted on 2004-09-01
3
601 Views
Last Modified: 2013-11-16
I have a Watchguard Firebox 1000.  All of my users can connect via VPN to the firebox but cannot browse the network.  Even though I have told the firewall to Authenticate to NT Server and have even gone as far as entering specific users to access the VPN (as opposed to groups).  It is still the same thing.  I don't think the users are authenticating to the server, just the firewall.  So they can view the network, they just cannot access anything on the network.

Please help as I am about ready to throw the firewall in a DEEP lake......
0
Comment
Question by:Cpacifico
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11983980
If you can open Outlook online over the VPN but not browse the network or share, then enable file and print sharing on the lan/dial up connection on the remote clients
0
 
LVL 2

Accepted Solution

by:
fendermb4 earned 500 total points
ID: 11999164
1.) Setup a user for Firebox Authentication and ignore the NT Server authentication until you can get it working with Firebox Authentication.  As a side note, NT auth doesn't really work, just ask watchguard support ;-) They will tell you to use Radius if you want to auth against a seperate user DB.
2.)  Try to connect with this firebox user.  If you can connect check to see the IP address you are getting when you connect.  Is it on the right network?  If so disconnect and proceed to step 3.
3.)  Add to your "Any" rule to allow incoming from PPTP_Users to Trusted and outgoing from Trusted to PPTP_Users.  
Save the config up and try to connect again.  Connected ok?  Now try pinging.  Is it working?  If so, remove those two rules we created above and add specific rules for the traffic you want to allow in from the PPTP users.  For example, if you want to allow them to use http, pop3, and smtp, you would add pptp_users to your rules for port 80, 110, and 25.  Or, if you aren't concerned with getting that specific right away, just leave them in the any group, which effectively allows any traffic to flow between your VPN users and your trusted network.
0
 

Author Comment

by:Cpacifico
ID: 11999227
Thank you for your help.  It ended up being the ANY service was configured improperly.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question