Watchguard Firewall and ISA 2006

Hello,

I have a issue that I need some help with.  I have an Isa 2006 firewall installed and need to create a vpn link to an off site company using a Watchguard firewall.  The vpn client being used on our internet network behind the firewall is Watchgaurd mobile VPN client version 10.00.  

I have created the rules and allowed ports 50,51 & 500 through, but I cannot get it to connect.  I know its the Isa that is causing the issue because I have plugged in an internet connection that doesnt have a firewall and it connects to the external company.

Any ideas anyone?
sk123456Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
dpetr00Connect With a Mentor Commented:
Good info.  So I am assuming the ISA server is *not* the Default Gateway for this workstation.  Most VPN clients do *not* know how to use the web browser's proxy server for connections.  This means the traffic is being routed out through the "default gateway" routing to the Internet.

Try this:  run a tracert to the IP address of the "VPN destination" and post the result.  I am betting you won't even see ISA in the list of hops.

tracert #.#.#.#
0
 
dpetr00Commented:
Based on the ports mentioned, it looks like you're trying to establish an IPSEC tunnel across the Internet.  Since you're configuring ISA, am I correct in assuming that ISA is either the default gateway or configured proxy for your workstation?

IPSEC tunnels are notoriously tricky.  You may only be able to create one at a time depending on your NAT structure.  Take a look at this article and see if you have configured ISA correctly:  http://www.isaserver.org/articles/IPSec_Passthrough.html
0
 
sk123456Author Commented:
Thanks for the reply, I have tried to follow this link already,  I created the protocols as stated and then added them to a rule, but still no luck with it.  I cannot even see the host attempting to connect to the external sites ip address in the isa logs ?
0
 
sk123456Author Commented:
Thanks- dpetr00, Great help, Yep you were right. I removed the default gateway and replaced it with the ISA's ip address and it worked.  Many Thanks again.  I added your reply as the solution, is that all I need to do for you to get the points?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.