Solved

How to share a \\NAS Lacie drive to all users connected via MUVPN in Firebox?

Posted on 2008-06-11
6
653 Views
Last Modified: 2013-11-16
Hi,

I am currently try to share a NAS drive over mobile users connected via VPN to my Firebox x1250e running latest fireware 10.1 with the latest version of MUVPN application (users side).

My setup is as follows:

a) Modem/Router connected to external interface of x1250e double NATing due to stupidity of my ISP. (cannot change that).

b)All my company's PCs are connected to Trusted interface of x1250e including the LACIE big ethernet rack via a Linksys 24 switch and all users can access it when typing  \\NAS in the address bar.

c)All mobile VPN users can connect to my firebox without any issues at all.

d) The policy "Any" is setted up in the "Mobile VPN with IPsec" tab in my Policy Manager so all ports are open.

   Trusted interface ip block is 192.168.2.1 subnet 255.255.255.0,
   External interface ip block is 192.168.1.2  255.255.255.0  Gateway 192.168.1.1 (taken from modem/router). All IPs are static, only the MUVPN gives out DHCP IPs in range 192.168.10.1 to 192.168.10.100

Questions:

#1. How can i make all users to be able to access this NAS drive?

#2. The "Any" policy in my Policy Manager is only for ports, or for both ports and protocols?

#3. When creating the Groups/Users i setted up as a resource my Win 2003 R2 server's IP witch is 192.168.2.2. as a Host IP, is this correct? When i do this i can ping all connected users (and vice versa) ONLY from this machine.

#5.What i must do in order to see EVERYTHING behind the Firebox when i am connected via VPN to my firebox?

#6. As said above, only my Server can ping the users, how can i make it to ping everybody each other? I want for example to establish RDP connection  between users connected via VPN to my firebox. (not from my server, but between them).

It's a little bit confusing to me, i've read FAQs, manuals, but no luck at all.

Thanks in advance.
0
Comment
Question by:PredatorGR
  • 4
  • 2
6 Comments
 

Author Comment

by:PredatorGR
ID: 21759558
Forgot to mention that it is not possible to bridge the modem/router to my firebox because my isp sucks big time. The modem/router i am using can be managed only via telnet and there is really chaos as it is a VoIP as well.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 21762945
I would like to ask is there a specific reason you have assigned your users to be on the 192.168.10.x subnet when your trusted network is on 192.168.2.0 subnet.

1. Make sure under allowed resources for the user/group you have specific 192.168.2.0/24 and not just 192.168.2.2.
2. ANY policy is for both ports and protocols.
3. As you have only set 192.168.2.2 this means only this is the resource which the remote clients would have access to.
5. I think by everything you mean 192.168.2.0 subnet; if yes answer is 1.
6. Answered already.

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:PredatorGR
ID: 21763452
Thanks dpk_wal for the solution that you provided me. Everything is OK now!!

Only problem i got is that i cannot access my NAS by entering \\NAS but only through it's IP. I know that this is a DNS issue, i will fix it.

Thanks again!
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Closing Comment

by:PredatorGR
ID: 31466122
I really thank you!!! :)
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21765989
You are welcome!

For DNS there are two things you can do:
1. If you have a internal DNS server sitting behind WG; then configure DNS on WG; so your client would get DNS settings along with virtual IP address; this should help in name resolution. also, you can yourself put secondary DNS as remote server on the NIC itself.

2. If above does not work; then you can edit the hosts file on the client machine from where you are initiating the MUVPN client session [%windor%/system32\drivers\etc\hosts]; this can be a tedious process if you have to make multiple entries in the file but is a sure shot and one time process!

Regards
0
 

Author Comment

by:PredatorGR
ID: 21767374
Thanks for your support, everything is running smoothly now!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now