Solved

How to share a \\NAS Lacie drive to all users connected via MUVPN in Firebox?

Posted on 2008-06-11
Last Modified: 2013-11-16
Hi,

I am currently trying to share a NAS drive with mobile users connected via VPN to my Firebox x1250e running the latest Fireware 10.1 with the latest version of the MUVPN application (users side).

My setup is as follows:

a) Modem/Router connected to external interface of x1250e double NATing due to stupidity of my ISP. (cannot change that).

b) All my company's PCs are connected to the Trusted interface of the x1250e, including the LACIE big ethernet rack, via a Linksys 24 switch, and all users can access it when typing \\NAS in the address bar.

c) All mobile VPN users can connect to my Firebox without any issues at all.

d) The policy "Any" is set up in the "Mobile VPN with IPsec" tab in my Policy Manager, so all ports are open.

   Trusted interface ip block is 192.168.2.1 subnet 255.255.255.0,
   External interface ip block is 192.168.1.2  255.255.255.0  Gateway 192.168.1.1 (taken from modem/router). All IPs are static, only the MUVPN gives out DHCP IPs in range 192.168.10.1 to 192.168.10.100

Questions:

#1. How can I make all users able to access this NAS drive?

#2. Is the "Any" policy in my Policy Manager only for ports, or for both ports and protocols?

#3. When creating the Groups/Users I set up as a resource my Win 2003 R2 server's IP, which is 192.168.2.2, as a Host IP. Is this correct? When I do this I can ping all connected users (and vice versa) ONLY from this machine.

#5. What must I do in order to see EVERYTHING behind the Firebox when I am connected via VPN to my Firebox?

#6. As said above, only my server can ping the users. How can I make everybody able to ping each other? I want, for example, to establish an RDP connection between users connected via VPN to my Firebox (not from my server, but between them).

It's a little bit confusing to me. I've read FAQs and manuals, but no luck at all.

Thanks in advance.
0
Question by:PredatorGR
6 Comments
 

Author Comment

by:PredatorGR
ID: 21759558
Forgot to mention that it is not possible to bridge the modem/router to my Firebox because my ISP sucks big time. The modem/router I am using can be managed only via telnet, and there is really chaos as it is a VoIP as well.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 21762945
I would like to ask: is there a specific reason you have assigned your users to be on the 192.168.10.x subnet when your trusted network is on the 192.168.2.0 subnet?

1. Make sure under allowed resources for the user/group you have specified 192.168.2.0/24 and not just 192.168.2.2.
2. The ANY policy is for both ports and protocols.
3. As you have only set 192.168.2.2, this means this is the only resource which the remote clients would have access to.
5. I think by everything you mean the 192.168.2.0 subnet; if yes, the answer is 1.
6. Answered already.

Please let me know if you need more details.

Thank you.
0
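Added example (not part of dpk_wal's answer and not WatchGuard code): a Python model that treats the group's allowed resources as a plain address match, showing why the single host entry 192.168.2.2 left the NAS unreachable and how many addresses each configuration opens to VPN clients. `NAS_IP` and `TRUSTED_PC` are constructed placeholders, since the page does not give those addresses, and the third configuration is a hypothetical narrower alternative.

```python
import ipaddress

SERVER_IP = "192.168.2.2"    # from the thread: Win 2003 R2 server
NAS_IP = "192.168.2.50"      # constructed placeholder, not stated on the page
TRUSTED_PC = "192.168.2.23"  # constructed placeholder for any other trusted host


def parse_resources(entries):
    """Parse 'host' or 'network/prefix' strings into network objects.

    A bare host IP becomes a /32. strict=True rejects entries such as
    '192.168.2.2/24', where a host address is written with a network mask.
    """
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def reachable(entries, destination):
    """True if the destination falls inside any allowed resource."""
    dest = ipaddress.ip_address(destination)
    return any(dest in net for net in parse_resources(entries))


def exposure(entries):
    """Number of distinct addresses the group may reach (overlaps merged)."""
    merged = ipaddress.collapse_addresses(parse_resources(entries))
    return sum(net.num_addresses for net in merged)


def report(entries, destinations):
    """Map each destination to whether the allowed resources cover it."""
    return {dest: reachable(entries, dest) for dest in destinations}


if __name__ == "__main__":
    configs = {
        "original (host only)": [SERVER_IP],
        "accepted answer (/24)": ["192.168.2.0/24"],
        "hypothetical narrow list": [SERVER_IP, NAS_IP],
    }
    for name, entries in configs.items():
        print(name, "->", exposure(entries), "addresses")
        for dest, ok in report(entries, [SERVER_IP, NAS_IP, TRUSTED_PC]).items():
            print("   ", dest, "allowed" if ok else "not allowed")
```
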
 

Author Comment

by:PredatorGR
ID: 21763452
Thanks dpk_wal for the solution that you provided me. Everything is OK now!!

The only problem I have is that I cannot access my NAS by entering \\NAS, but only through its IP. I know that this is a DNS issue; I will fix it.

Thanks again!
0

Author Closing Comment

by:PredatorGR
ID: 31466122
I really thank you!!! :)
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21765989
You are welcome!

For DNS there are two things you can do:
1. If you have an internal DNS server sitting behind the WG, then configure DNS on the WG, so your client would get DNS settings along with the virtual IP address; this should help in name resolution. Also, you can yourself put the secondary DNS as the remote server on the NIC itself.

2. If the above does not work, then you can edit the hosts file on the client machine from where you are initiating the MUVPN client session [%windir%\system32\drivers\etc\hosts]; this can be a tedious process if you have to make multiple entries in the file, but it is a sure shot and a one-time process!

Regards
0
 

Author Comment

by:PredatorGR
ID: 21767374
Thanks for your support, everything is running smoothly now!
0

Question has a verified solution.