Solved

Watchguard Firebox X20e will not allow VPN tunnel to function and will not allow devices to go on line until the computer is logged on to the appliance.

Posted on 2008-10-01
Last Modified: 2008-10-04
We are just installing a Watchguard Firebox X20e. There are problems with the manual VPN tunnel allowing traffic, and trouble getting on line the first time. Workstations must log on to the Firebox [do an https://xx.xx.xx.xx and log on to the box]. Log off again and you can surf the net.
Debit machine cannot communicate because there is no way to log on to the Firebox with it.
Both ends of the tunnel can see each other. The ping packets are seen at the far end of the tunnel, but the answer is rejected to show all packets dropped.
Question by:wilf_thorburn
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22621299
I think you have configured the authentication option for all users, so all users need to authenticate; log on to the configuration page of the Edge:
1. From the navigation bar, select Firebox Users > Settings.
2. I think Require user authentication (enable local user accounts) is checked; here there are a few things which can be done:
 a. You can disable the above option; then there would be no user-based control for access to the Internet or VPN tunnels.
 b. Select and check the Automatically prompt for login on Web access checkbox; the authentication dialog box launches any time a user who has not yet authenticated tries to get access to the Internet.
 c. Further, if you wish to have authentication implemented, you can bypass authentication for a few devices as follows:
   i. From the navigation bar, select Firebox Users > Trusted Hosts.
   ii. In the Host IP Address text box, type the IP address of the debit machine on your trusted or optional network to allow it to browse the Internet without authentication restrictions.
   iii. Click Add; repeat to add more devices if needed.

For the VPN tunnel, the first thing I would check is whether the IP subnets of the networks behind the devices are the same; if yes, you would need to change the subnet at one of the ends.

Please check and update.

Thank you.
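
The subnet check suggested in the answer above, as an added example that is not part of the original thread: it compares the networks behind each end of a manual tunnel, reports overlapping pairs, and proposes a free replacement range of the same size. The function names are hypothetical and all addresses are constructed sample values, not taken from the poster's configuration.

```python
import ipaddress

def tunnel_overlaps(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap.

    When the ranges overlap, a host treats the far-side address as
    on-link (or the gateway routes it locally), so replies never
    enter the tunnel and appear as dropped packets.
    """
    conflicts = []
    for loc in map(ipaddress.ip_network, local_nets):
        for rem in map(ipaddress.ip_network, remote_nets):
            if loc.version == rem.version and loc.overlaps(rem):
                conflicts.append((str(loc), str(rem)))
    return conflicts

def suggest_renumber(conflicting, in_use, pool="192.168.0.0/16"):
    """Pick the first subnet of the same size from `pool` that
    overlaps nothing already in use at either site, or None."""
    target = ipaddress.ip_network(conflicting)
    pool_net = ipaddress.ip_network(pool)
    if target.prefixlen < pool_net.prefixlen:
        return None  # conflicting network is larger than the pool
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in pool_net.subnets(new_prefix=target.prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None

# Constructed sample: networks behind each end of the tunnel.
SITE_A = ["192.168.1.0/24", "10.0.10.0/24"]
SITE_B = ["192.168.1.0/25", "172.16.5.0/24"]

if __name__ == "__main__":
    for loc, rem in tunnel_overlaps(SITE_A, SITE_B):
        free = suggest_renumber(rem, SITE_A + SITE_B)
        print(f"overlap: {loc} (site A) vs {rem} (site B); "
              f"renumber one end, e.g. to {free}")
```

A partial overlap (a /25 inside a /24) is reported the same way as identical subnets, since either breaks routing into the tunnel.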