Solved

Watchguard and VPN Connection

Posted on 2004-09-01
Last Modified: 2013-11-16
I have a WatchGuard Firebox 1000.  All of my users can connect via VPN to the Firebox but cannot browse the network, even though I have told the firewall to authenticate to NT Server and have even gone as far as entering specific users to access the VPN (as opposed to groups).  It is still the same thing.  I don't think the users are authenticating to the server, just the firewall.  So they can view the network, they just cannot access anything on the network.

Please help as I am about ready to throw the firewall in a DEEP lake......
Question by:Cpacifico
3 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11983980
If you can open Outlook online over the VPN but not browse the network or share, then enable file and print sharing on the LAN/dial-up connection on the remote clients.
 
LVL 2

Accepted Solution

by:
fendermb4 earned 500 total points
ID: 11999164
1.) Set up a user for Firebox Authentication and ignore the NT Server authentication until you can get it working with Firebox Authentication.  As a side note, NT auth doesn't really work, just ask WatchGuard support ;-) They will tell you to use RADIUS if you want to auth against a separate user DB.
2.) Try to connect with this Firebox user.  If you can connect, check to see the IP address you are getting when you connect.  Is it on the right network?  If so, disconnect and proceed to step 3.
3.) Add to your "Any" rule to allow incoming from PPTP_Users to Trusted and outgoing from Trusted to PPTP_Users.
Save the config and try to connect again.  Connected OK?  Now try pinging.  Is it working?  If so, remove those two rules we created above and add specific rules for the traffic you want to allow in from the PPTP users.  For example, if you want to allow them to use HTTP, POP3, and SMTP, you would add PPTP_Users to your rules for ports 80, 110, and 25.  Or, if you aren't concerned with getting that specific right away, just leave them in the Any group, which effectively allows any traffic to flow between your VPN users and your trusted network.
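One way to check, from a connected VPN client, that the narrowed rules described in the accepted answer behave as intended once the temporary Any entries are removed. This is an added example, not part of the original thread; the canary ports 445 and 3389 and the placeholder target address are assumptions chosen for illustration.

```python
import socket

# Services the answer uses as its example of a narrowed rule set (HTTP, POP3, SMTP).
ALLOWED_PORTS = {80, 110, 25}
# Assumed canaries: services that should stay closed to VPN users once the
# temporary Any entries are removed (SMB and RDP, chosen for illustration).
CANARY_PORTS = {445, 3389}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, allowed, canaries, probe=tcp_open):
    """Compare what the VPN client can reach with what the policy intends."""
    reachable = {p for p in allowed | canaries if probe(host, p)}
    return {
        "blocked_but_intended": sorted(allowed - reachable),
        "open_but_unintended": sorted(canaries & reachable),
    }


def verdict(result):
    """Turn the audit result into a one-line finding."""
    if result["open_but_unintended"]:
        return "too permissive: Any rule (or another broad rule) still applies"
    if result["blocked_but_intended"]:
        return "too strict: a service rule is missing PPTP_Users"
    return "matches intended policy"


if __name__ == "__main__":
    import sys
    # 192.0.2.10 is a documentation placeholder; pass a trusted-network host instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    result = audit(host, ALLOWED_PORTS, CANARY_PORTS)
    print(result, "->", verdict(result))
```

A probe only counts as evidence if the target host actually runs a listener on that port, because a stopped service looks the same as a firewall block from the client side.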
 

Author Comment

by:Cpacifico
ID: 11999227
Thank you for your help.  It ended up being the ANY service was configured improperly.

Question has a verified solution.