MUVPN Users are unable to log on.

Posted on 2008-06-18
Last Modified: 2013-11-16
Having trouble setting up muvpn users on our new Watchguard Firebox. I have tried contacting Watchguard tech support but they never seem to call me during an appropriate time. Any help would be appreciated. Here is what I have done so far.

Step 1:  I first setup the Authentication Server.  I am using Active Directory for authentication.  My settings are as follows:
IP Address: (Domain controller)
Port: 389
Search Base: ou=SBSUsers,ou=Users,ou=MyBusiness,dc=miamicpas,dc=local (This is the active directory ou where all the users reside on the domain controller, SBS 2003)
Group string: memberOf
DN: blank
Password: blank
Login Attribute: sMAccountName
DeadTime: 10 minutes

Step 2:   I created a mobile user vpn group. Under VPN, Remote Users.  These are the settings that I created.
Group name is: SBSUsers
Authentication Server: Active Directory
Allowed Access: (IP Scheme of internal network)
Virtual IP Address Pool: - (Reserved address pool for vpn users on DC)
IPSEC Settings:
Key Negotiation Type: pre-shared key
Key Exp: 128000KB or 8 hours
Encr: AES (256 bit)
Auth: SHA1

At this point the mobile user vpn policy is automatically created allowing all ports open for this specific user group. I went ahead and exported the profile to a laptop which had the muvpn software installed. Imported the profile, which was successful, and tried logging on using an aircard. I keep getting the error IKE Error phase 1, lost connection to peer. This is where I am stuck.

I apologize for the long message, but I wanted to give all the details possible. I hope someone can help.

Question by:montekane

Expert Comment

ID: 21819268
Can you update if you tried connecting from behind WG itself or from another internet connection; from behind WG you would not be able to connect using MUVPN.

Also, can you post some logs from traffic monitor or client which would give some details as to what exactly failed in VPN negotiations.

Thank you.

Accepted Solution

sam99my earned 250 total points
ID: 21819308
Before you install the client software, make sure the computer does not have any other IPSec mobile user VPN client software installed, and make sure the WG network adapter is not disabled (WatchGuard Secure Client Virtual NDIS6 Adapter).

Getting a phase 1 error normally is because the firewall is not listening for VPN traffic, or your VPN traffic is blocked by something else, such as Windows Firewall or any other firewall installed on your computer and the gateway firewall. Make sure all of them allow outgoing VPN traffic.

Try to check the profile settings, whether the VPN gateway IP you are trying to connect to is correct or not.

Try to check traffic monitor to see the status when you connect; you can go to policy manager > setup > logging > advance diagnostics > VPN > IKE, set to level high, and enable "Display diagnostics messages in traffic monitor" at bottom.

Author Comment

ID: 21821697
Okay, I think I made some progress but not much. I removed the other vpn software I had installed (Sonicwall), and I then turned on the logging for the vpn ike connectivity. Tried logging on from the laptop, which is using an aircard that is outside of the internal network. I'm getting a different error with the client software now; it is VPN Error - Lost contact to VPN Gateway. I made sure there is no firewall on the client laptop. Attached please see the log for the vpn traffic. It shows the user mkane successfully logs on; it also shows that it connects to AD correctly because it's picking up the user's credentials. At some point it states that it is deleting the tunnel to peer (ip address).

Any ideas?

Expert Comment

ID: 21822439
There is no reason specified in the logs why firebox closed the session; can you delete the user; re-configure user on firebox and then use the new .wgx file and try if that changes anything.

Thank you.

Author Comment

ID: 21822549
The authentication is done through Active Directory.  There is no specific user created on the firebox.  If you mean re-create the group that is setup for vpn connection, I have already tried doing that several times.

Expert Comment

ID: 21823195
What version of muvpn client are you using now? 7 or 10? Maybe you can show the log on muvpn software site.

Author Comment

ID: 21823525
Okay. I got it to work! I followed sam99my's advice and I did the following.

Step 1: Removed any other vpn software currently installed on the client laptop.
Step 2: Double checked that the client firewall was either disabled or had the proper rules for ipsec.
Step 3: Turned on logging for the WatchGuard firebox in the corporate office; this was able to at least tell me there was no problem with authentication, the problem was with the actual connection.
Step 4: Viewed the logs for the muvpn software and noticed what the problem was: DHCP request failed.
Step 5: Checked the profile settings, IP Address assignment, and noticed that the Private IP Address assignment was set to DHCP over IPSec. I changed it to local IP address and it worked from there.

Once I connected, the virtual adapter picked an ip address from the pool of ip's that I set up on the firebox. After that I was unable to browse the network via DNS but I was successful using ip addresses. I disconnected, went into the profile settings and manually set up the DNS server address and the WINS server address. Connected and I was browsing 100%.

Sorry about the long answer, I was descriptive just in case someone had the same problem.

Thanks for all your help!

