?
Solved

Watchguard Firewall and ISA 2006

Posted on 2009-04-02
4
Medium Priority
?
726 Views
Last Modified: 2013-11-16
Hello,

I have a issue that I need some help with.  I have an Isa 2006 firewall installed and need to create a vpn link to an off site company using a Watchguard firewall.  The vpn client being used on our internet network behind the firewall is Watchgaurd mobile VPN client version 10.00.  

I have created the rules and allowed ports 50,51 & 500 through, but I cannot get it to connect.  I know its the Isa that is causing the issue because I have plugged in an internet connection that doesnt have a firewall and it connects to the external company.

Any ideas anyone?
0
Comment
Question by:sk123456
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 1

Expert Comment

by:dpetr00
ID: 24049803
Based on the ports mentioned, it looks like you're trying to establish an IPSEC tunnel across the Internet.  Since you're configuring ISA, am I correct in assuming that ISA is either the default gateway or configured proxy for your workstation?

IPSEC tunnels are notoriously tricky.  You may only be able to create one at a time depending on your NAT structure.  Take a look at this article and see if you have configured ISA correctly:  http://www.isaserver.org/articles/IPSec_Passthrough.html
0
 

Author Comment

by:sk123456
ID: 24049867
Thanks for the reply, I have tried to follow this link already,  I created the protocols as stated and then added them to a rule, but still no luck with it.  I cannot even see the host attempting to connect to the external sites ip address in the isa logs ?
0
 
LVL 1

Accepted Solution

by:
dpetr00 earned 2000 total points
ID: 24050294
Good info.  So I am assuming the ISA server is *not* the Default Gateway for this workstation.  Most VPN clients do *not* know how to use the web browser's proxy server for connections.  This means the traffic is being routed out through the "default gateway" routing to the Internet.

Try this:  run a tracert to the IP address of the "VPN destination" and post the result.  I am betting you won't even see ISA in the list of hops.

tracert #.#.#.#
0
 

Author Closing Comment

by:sk123456
ID: 31565775
Thanks- dpetr00, Great help, Yep you were right. I removed the default gateway and replaced it with the ISA's ip address and it worked.  Many Thanks again.  I added your reply as the solution, is that all I need to do for you to get the points?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question