Solved

How I do enable other VPN connections on my Watchguard Firebox X550e

Posted on 2010-08-18
6
1,154 Views
Last Modified: 2013-11-16
Hello,

I have a Watchguard firebox x550e Firewall and I am trying to connect with different VPN companies. I'm trying to connect via Cisco VPN and Juniper Networks.

I can get connected to the vpn but unable to ping any internal IP Address's on the clients network. I know this is a configuration with the Watchguard. if anyone can shed some light I what I am doing wrong or how to fix this that would be great.
0
Comment
Question by:jumpassociates
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:mere-mortal
ID: 33473182
Are you trying to establish a site to site network with the WatchGuard

or

Are you trying to connect through the WatchGuard with a VPN client?

Jason
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33476638
Although you can use other VPN clients, but WG support would not help you unless you use their IPSec client [MUVPN client which is an OEM product from Safenet (also used by Netscreen Secure Remote by Juniper)].

Have a look at link below to configure MUVPN on WG [also client configuration]:
http://watchguard.custhelp.com/app/answers/detail/a_id/2194/kw/muvpn%20with%20ipsec/related/1

If you wish to use PPTP VPN instead, called RUVPN on WG, then look below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1279/kw/vpn/p/214

Thank you.
0
 

Author Comment

by:jumpassociates
ID: 33477153
Hmm..perhaps I need to clarify.
When client of ours come to our office and are behind our firewall, they can connect to their various VPNs with their home offices. Sometimes they use Cisco VPN, sometimes Juniper.
They can always connect with their VPN, but once they are connected, they can't ping their servers or even browse their shares.
Is there something that needs to be done on my firewall (Watchguard) to allow other VPN connections to work while people are behind it?
 
Thanks!
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 32

Expert Comment

by:dpk_wal
ID: 33477438
Most probably when they connect using the VPN client from behind the firewall; the remote VPN is zero route tunnel where all traffic from their adapter is routed over VPN including local network traffic; implementing spli-tunnel VPN tunnels on the remote firewall would solve the problem.

There is no setting required on your end as the firewall is merely internet provider to the clients.

Thank you.
0
 

Author Comment

by:jumpassociates
ID: 33477901
Thanks for the feedback.
I'm trying to zero in on a permanent answer to give to my higher ups. Unfortunately, they connect to a major corporations' VPNs from behind our Watchguard firewall. It used to work last week, but now, after they see "connected" on their Cisco or Juniper client, they cannot browse the shares.
What can I suggest to these outside companies to allow them to browse their shares?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 33481537
Do you have Outgoing policy for allowing all traffic originating on the trust/optional network to go to Untrust network; if yes, then there is no other setting in WG which you can tweak.

Are they able to ping the resources by IP and name; if only IP and not name then it is DNS/WINS issue; have same DNS/WINS IP [secondary] as that of the remote VPN network would resolve the issue.

Are they able to browse to remote resources and use name if on different internet connection [when not behind WG]. If no, then the problem is certainly not with WG.

Frankly, I would not troubleshoot the remote resource connectivity issue as WG has no role to play other than to provide internet connectivity to the clients.
Once the tunnel the up between remote network and VPN client, WG would not be able to inspect any packet that flows through it as it would be encrypted, all WG would do with packet is to forward to ISP and back.

Thank you.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASDM device NT domain question 4 59
Single PC won't comunicate across VPN 6 58
VPN Tunnel Stops Working Cisco RV130W 18 49
SSL-VPN 1 43
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question