How to share a \\NAS Lacie drive to all users connected via MUVPN in Firebox?

Hi,

I am currently try to share a NAS drive over mobile users connected via VPN to my Firebox x1250e running latest fireware 10.1 with the latest version of MUVPN application (users side).

My setup is as follows:

a) Modem/Router connected to external interface of x1250e double NATing due to stupidity of my ISP. (cannot change that).

b)All my company's PCs are connected to Trusted interface of x1250e including the LACIE big ethernet rack via a Linksys 24 switch and all users can access it when typing  \\NAS in the address bar.

c)All mobile VPN users can connect to my firebox without any issues at all.

d) The policy "Any" is setted up in the "Mobile VPN with IPsec" tab in my Policy Manager so all ports are open.

   Trusted interface ip block is 192.168.2.1 subnet 255.255.255.0,
   External interface ip block is 192.168.1.2  255.255.255.0  Gateway 192.168.1.1 (taken from modem/router). All IPs are static, only the MUVPN gives out DHCP IPs in range 192.168.10.1 to 192.168.10.100

Questions:

#1. How can i make all users to be able to access this NAS drive?

#2. The "Any" policy in my Policy Manager is only for ports, or for both ports and protocols?

#3. When creating the Groups/Users i setted up as a resource my Win 2003 R2 server's IP witch is 192.168.2.2. as a Host IP, is this correct? When i do this i can ping all connected users (and vice versa) ONLY from this machine.

#5.What i must do in order to see EVERYTHING behind the Firebox when i am connected via VPN to my firebox?

#6. As said above, only my Server can ping the users, how can i make it to ping everybody each other? I want for example to establish RDP connection  between users connected via VPN to my firebox. (not from my server, but between them).

It's a little bit confusing to me, i've read FAQs, manuals, but no luck at all.

Thanks in advance.
PredatorGRAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
dpk_walConnect With a Mentor Commented:
I would like to ask is there a specific reason you have assigned your users to be on the 192.168.10.x subnet when your trusted network is on 192.168.2.0 subnet.

1. Make sure under allowed resources for the user/group you have specific 192.168.2.0/24 and not just 192.168.2.2.
2. ANY policy is for both ports and protocols.
3. As you have only set 192.168.2.2 this means only this is the resource which the remote clients would have access to.
5. I think by everything you mean 192.168.2.0 subnet; if yes answer is 1.
6. Answered already.

Please let know if you need more details.

Thank you.
0
 
PredatorGRAuthor Commented:
Forgot to mention that it is not possible to bridge the modem/router to my firebox because my isp sucks big time. The modem/router i am using can be managed only via telnet and there is really chaos as it is a VoIP as well.
0
 
PredatorGRAuthor Commented:
Thanks dpk_wal for the solution that you provided me. Everything is OK now!!

Only problem i got is that i cannot access my NAS by entering \\NAS but only through it's IP. I know that this is a DNS issue, i will fix it.

Thanks again!
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
PredatorGRAuthor Commented:
I really thank you!!! :)
0
 
dpk_walCommented:
You are welcome!

For DNS there are two things you can do:
1. If you have a internal DNS server sitting behind WG; then configure DNS on WG; so your client would get DNS settings along with virtual IP address; this should help in name resolution. also, you can yourself put secondary DNS as remote server on the NIC itself.

2. If above does not work; then you can edit the hosts file on the client machine from where you are initiating the MUVPN client session [%windor%/system32\drivers\etc\hosts]; this can be a tedious process if you have to make multiple entries in the file but is a sure shot and one time process!

Regards
0
 
PredatorGRAuthor Commented:
Thanks for your support, everything is running smoothly now!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.