Link to home
Start Free TrialLog in
Avatar of varrington1964
varrington1964

asked on

Watchguard Firewall and PPTP clients

ok i am trying to setup a Watchguard x550E to use PPTP_users and to authenticate against my RRAS/IAS server.I have done these numerous times with the X700 .i am getting error> from the log
127.0.0.1,PARTNERS\vtownsend,10/22/2007,17:20:50,IAS,PMPNTAD7
and this from the event viewer
User PARTNERS\vtownsend was denied access.
 Fully-Qualified-User-Name = <undetermined>
 NAS-IP-Address = 127.0.0.1
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = <not present>
 Client-Friendly-Name = ohio_firebox
 Client-IP-Address = 192.168.111.2
 NAS-Port-Type = <not present>
 NAS-Port = 0
 Proxy-Policy-Name = <none>
 Authentication-Provider = <undetermined>
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = <undetermined>
 EAP-Type = <undetermined>
 Reason-Code = 49
 Reason = The connection attempt did not match any connection request policy.
i have the exact same Connection Request policy in my other subnets does anyone have the procedures to configure the X550E using wsm8.3
Avatar of dpk_wal
dpk_wal
Flag of India image

I need some clarification, is X550e acting as PPTP server or is your RRAS/ISA acting as PPTP server.

If you have configured WG as PPTP server then please make sure you do not have any PPTP service added which allows incoming PPTP/GRE traffic, also, if you are using external authentication [NT or RADIUS] make sure that the WG is able to communicate with the authentication servers; and you have a policy allowing traffic from remote users to the trusted resources.

If you have configured X550e to forward PPTP traffic to your RRAS/ISA server then make sure that you have not checked "Activate Remote User" in Policy Manager->Network->Remote User; also you have configured 1-1 NAT for your RRAS/ISA server and that the public IP used for 1-1 NAT is not added as an alias on the firebox external interface.

Please check and update.

Thank you.
Avatar of varrington1964
varrington1964

ASKER

I am sorry i was not clear.I  want my X550e to Authenticate users against my RRAS/IAS server using PPTP.The WG is able to communicate to the radius server hence the error message from the server.I have also create a policy to allow the pptp-users access to the trusted resources
ASKER CERTIFIED SOLUTION
Avatar of dpk_wal
dpk_wal
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial