Solved

How to share a \\NAS Lacie drive to all users connected via MUVPN in Firebox?

Posted on 2008-06-11
6
661 Views
Last Modified: 2013-11-16
Hi,

I am currently try to share a NAS drive over mobile users connected via VPN to my Firebox x1250e running latest fireware 10.1 with the latest version of MUVPN application (users side).

My setup is as follows:

a) Modem/Router connected to external interface of x1250e double NATing due to stupidity of my ISP. (cannot change that).

b)All my company's PCs are connected to Trusted interface of x1250e including the LACIE big ethernet rack via a Linksys 24 switch and all users can access it when typing  \\NAS in the address bar.

c)All mobile VPN users can connect to my firebox without any issues at all.

d) The policy "Any" is setted up in the "Mobile VPN with IPsec" tab in my Policy Manager so all ports are open.

   Trusted interface ip block is 192.168.2.1 subnet 255.255.255.0,
   External interface ip block is 192.168.1.2  255.255.255.0  Gateway 192.168.1.1 (taken from modem/router). All IPs are static, only the MUVPN gives out DHCP IPs in range 192.168.10.1 to 192.168.10.100

Questions:

#1. How can i make all users to be able to access this NAS drive?

#2. The "Any" policy in my Policy Manager is only for ports, or for both ports and protocols?

#3. When creating the Groups/Users i setted up as a resource my Win 2003 R2 server's IP witch is 192.168.2.2. as a Host IP, is this correct? When i do this i can ping all connected users (and vice versa) ONLY from this machine.

#5.What i must do in order to see EVERYTHING behind the Firebox when i am connected via VPN to my firebox?

#6. As said above, only my Server can ping the users, how can i make it to ping everybody each other? I want for example to establish RDP connection  between users connected via VPN to my firebox. (not from my server, but between them).

It's a little bit confusing to me, i've read FAQs, manuals, but no luck at all.

Thanks in advance.
0
Comment
Question by:PredatorGR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 

Author Comment

by:PredatorGR
ID: 21759558
Forgot to mention that it is not possible to bridge the modem/router to my firebox because my isp sucks big time. The modem/router i am using can be managed only via telnet and there is really chaos as it is a VoIP as well.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 21762945
I would like to ask is there a specific reason you have assigned your users to be on the 192.168.10.x subnet when your trusted network is on 192.168.2.0 subnet.

1. Make sure under allowed resources for the user/group you have specific 192.168.2.0/24 and not just 192.168.2.2.
2. ANY policy is for both ports and protocols.
3. As you have only set 192.168.2.2 this means only this is the resource which the remote clients would have access to.
5. I think by everything you mean 192.168.2.0 subnet; if yes answer is 1.
6. Answered already.

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:PredatorGR
ID: 21763452
Thanks dpk_wal for the solution that you provided me. Everything is OK now!!

Only problem i got is that i cannot access my NAS by entering \\NAS but only through it's IP. I know that this is a DNS issue, i will fix it.

Thanks again!
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Closing Comment

by:PredatorGR
ID: 31466122
I really thank you!!! :)
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21765989
You are welcome!

For DNS there are two things you can do:
1. If you have a internal DNS server sitting behind WG; then configure DNS on WG; so your client would get DNS settings along with virtual IP address; this should help in name resolution. also, you can yourself put secondary DNS as remote server on the NIC itself.

2. If above does not work; then you can edit the hosts file on the client machine from where you are initiating the MUVPN client session [%windor%/system32\drivers\etc\hosts]; this can be a tedious process if you have to make multiple entries in the file but is a sure shot and one time process!

Regards
0
 

Author Comment

by:PredatorGR
ID: 21767374
Thanks for your support, everything is running smoothly now!
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question