Cisco VPN client through WatchGuard firewall

Posted on 2006-04-11
Medium Priority
Last Modified: 2013-11-16
I have a user that wants to access my network through a WatchGuard firewall xcore 700. I created an IPsec policy and the VPN client connects and will authenticate successfully. The computer with the VPN client even retains an IP address from my network, but he can't remote desktop into his PC nor my network. He also is not able to connect to or ping any computer, gateway or domain controller on my network. He still retains an IP though from my network.

The Cisco VPN client works on any other outside network not protected by a WatchGuard firewall. They are able to communicate with any host on my network.

What can I do to get this person to use remote desktop in my network?
Question by:Fubyou
LVL 32

Expert Comment

ID: 16442043
To use a Cisco VPN Client to connect to a non-Cisco device would be a violation of their agreement.


Author Comment

ID: 16442237
I'm not connecting to the WatchGuard. I am on the inside connecting THROUGH the WatchGuard, not TO the WatchGuard.

The important word is THROUGH.

You're in violation of not being able to read.
LVL 18

Accepted Solution

carl_legere earned 2000 total points
ID: 16442431
you kill me

on the WatchGuard perhaps there is another user using a software VPN client to communicate somewhere else. sometimes the NAT on a firewall router can only process the first connection that is really a tunnel, and later attempts fail.

the configs of the WatchGuard need to be looked at (which I suppose would be difficult?) to see if there is an obvious switch like Linksys or Netgear has, 'allow ipsec on WAN' or some such passthrough terminology

Author Comment

ID: 16487696
In addition, I kind of wonder if the Cisco VPN client uses certain ports to initially authenticate but then, to maintain the connection, uses another set of (non-administrative) ports that may be blocked. I've only recently learned this from a Cisco PIX course I took last week.
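
Added example, not part of the thread: the two explanations above (a NAT device that passes only one raw IPsec tunnel, and a data channel that uses different ports from the initial authentication) can be told apart from firewall flow records. The record layout, addresses and function name are constructed for illustration; UDP 500 (IKE), UDP 4500 (NAT-T) and ESP are the standard IPsec values, not taken from the posts.

```python
from collections import defaultdict

IKE, NAT_T, ESP = ("udp", 500), ("udp", 4500), ("esp", None)

# Constructed sample: (inside client, remote VPN peer, protocol,
# destination port, firewall action). Not a WatchGuard log format.
SAMPLE_FLOWS = [
    ("10.0.1.20", "203.0.113.5", "udp", 500, "allow"),
    ("10.0.1.20", "203.0.113.5", "esp", None, "allow"),
    ("10.0.1.21", "203.0.113.5", "udp", 500, "allow"),
    ("10.0.1.21", "203.0.113.5", "esp", None, "allow"),
    ("10.0.1.31", "198.51.100.9", "udp", 500, "allow"),
    ("10.0.1.31", "198.51.100.9", "udp", 4500, "allow"),
    ("10.0.1.45", "198.51.100.9", "udp", 500, "allow"),
    ("10.0.1.45", "198.51.100.9", "udp", 4500, "deny"),
]

def diagnose(flows):
    """Return {client: verdict}; assumes one VPN peer per client."""
    allowed = defaultdict(set)  # (client, peer) -> channels the firewall passed
    for client, peer, proto, port, action in flows:
        allowed[(client, peer)]  # register the pair even if everything is denied
        if action == "allow":
            allowed[(client, peer)].add((proto, port))

    # Raw ESP carries no port numbers, so a NAT device cannot tell apart two
    # inside clients that talk to the same peer without NAT-T encapsulation.
    raw_esp = defaultdict(list)
    for (client, peer), channels in allowed.items():
        if ESP in channels and NAT_T not in channels:
            raw_esp[peer].append(client)

    verdict = {}
    for (client, peer), channels in allowed.items():
        if IKE not in channels:
            verdict[client] = "IKE blocked: tunnel cannot negotiate"
        elif NAT_T in channels:
            verdict[client] = "ok: NAT-T data path"
        elif ESP not in channels:
            verdict[client] = "authenticates, but no data path"
        elif len(raw_esp[peer]) > 1:
            verdict[client] = "raw ESP shared with another client behind NAT"
        else:
            verdict[client] = "ok: raw ESP, single client"
    return verdict

if __name__ == "__main__":
    for client, result in sorted(diagnose(SAMPLE_FLOWS).items()):
        print(client, "->", result)
```

The "authenticates, but no data path" verdict matches the symptom in the question: the client negotiates and receives an address, yet nothing crosses the tunnel.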

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month17 days, 4 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question