Solved

Watchguard Firewall and ISA 2006

Posted on 2009-04-02
Last Modified: 2013-11-16
Hello,

I have an issue that I need some help with.  I have an ISA 2006 firewall installed and need to create a VPN link to an off-site company using a Watchguard firewall.  The VPN client being used on our internet network behind the firewall is Watchguard mobile VPN client version 10.00.

I have created the rules and allowed ports 50, 51 & 500 through, but I cannot get it to connect.  I know it's the ISA that is causing the issue because I have plugged in an internet connection that doesn't have a firewall and it connects to the external company.

Any ideas anyone?
Question by:sk123456
4 Comments
 
LVL 1

Expert Comment

by:dpetr00
ID: 24049803
Based on the ports mentioned, it looks like you're trying to establish an IPSEC tunnel across the Internet.  Since you're configuring ISA, am I correct in assuming that ISA is either the default gateway or configured proxy for your workstation?

IPSEC tunnels are notoriously tricky.  You may only be able to create one at a time depending on your NAT structure.  Take a look at this article and see if you have configured ISA correctly:  http://www.isaserver.org/articles/IPSec_Passthrough.html
 

Author Comment

by:sk123456
ID: 24049867
Thanks for the reply. I have tried to follow this link already. I created the protocols as stated and then added them to a rule, but still no luck with it.  I cannot even see the host attempting to connect to the external site's IP address in the ISA logs?
 
LVL 1

Accepted Solution

by:
dpetr00 earned 500 total points
ID: 24050294
Good info.  So I am assuming the ISA server is *not* the Default Gateway for this workstation.  Most VPN clients do *not* know how to use the web browser's proxy server for connections.  This means the traffic is being routed out through the "default gateway" routing to the Internet.

Try this:  run a tracert to the IP address of the "VPN destination" and post the result.  I am betting you won't even see ISA in the list of hops.

tracert #.#.#.#
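Added example, not part of the original thread: a small Python check that reads saved Windows `tracert` output and reports whether the path to the VPN destination leaves through the firewall, which is the test the accepted answer proposes. The sample traces, the addresses (192.168.1.1 standing in for the ISA's internal IP) and the function names are constructed for illustration.

```python
import ipaddress
import re

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")   # hop lines start with the hop number
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample output (documentation/private addresses, not from the thread).
BEFORE = """Tracing route to 203.0.113.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.254
  2     8 ms     7 ms     9 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    15 ms    14 ms    15 ms  203.0.113.10

Trace complete."""
AFTER = """Tracing route to 203.0.113.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  isa01.corp.example [192.168.1.1]
  2     9 ms     8 ms     9 ms  198.51.100.1
  3    15 ms    14 ms    15 ms  203.0.113.10

Trace complete."""

def parse_tracert(output):
    """Return [(hop_number, ip_or_None)]; None marks a hop that timed out."""
    hops = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header, blank line or "Trace complete."
        found = IPV4.findall(m.group(2))
        # The responder's address is the last IPv4 on the line (after any hostname).
        hops.append((int(m.group(1)), found[-1] if found else None))
    return hops

def classify_path(output, firewall_ip):
    """Say whether the traced path leaves through the firewall (assumed first hop)."""
    fw = str(ipaddress.ip_address(firewall_ip))  # rejects a malformed address
    hops = parse_tracert(output)
    if not hops or hops[0][1] is None:
        return "inconclusive"        # first hop silent: ICMP may be filtered
    if hops[0][1] == fw:
        return "via-firewall"
    if any(ip == fw for _, ip in hops):
        return "firewall-not-first-hop"
    return "bypasses-firewall"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, classify_path(text, "192.168.1.1"))
```

A `bypasses-firewall` result matches the situation in this thread: the client's default gateway sends the VPN traffic around the firewall, so no rule on it can take effect and nothing shows up in its logs.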
 

Author Closing Comment

by:sk123456
ID: 31565775
Thanks, dpetr00. Great help. Yep, you were right. I removed the default gateway and replaced it with the ISA's IP address and it worked.  Many thanks again.  I added your reply as the solution; is that all I need to do for you to get the points?
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question