Solved

How I do enable other VPN connections on my Watchguard Firebox X550e

Posted on 2010-08-18
6
1,161 Views
Last Modified: 2013-11-16
Hello,

I have a Watchguard firebox x550e Firewall and I am trying to connect with different VPN companies. I'm trying to connect via Cisco VPN and Juniper Networks.

I can get connected to the vpn but unable to ping any internal IP Address's on the clients network. I know this is a configuration with the Watchguard. if anyone can shed some light I what I am doing wrong or how to fix this that would be great.
0
Comment
Question by:jumpassociates
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:mere-mortal
ID: 33473182
Are you trying to establish a site to site network with the WatchGuard

or

Are you trying to connect through the WatchGuard with a VPN client?

Jason
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33476638
Although you can use other VPN clients, but WG support would not help you unless you use their IPSec client [MUVPN client which is an OEM product from Safenet (also used by Netscreen Secure Remote by Juniper)].

Have a look at link below to configure MUVPN on WG [also client configuration]:
http://watchguard.custhelp.com/app/answers/detail/a_id/2194/kw/muvpn%20with%20ipsec/related/1

If you wish to use PPTP VPN instead, called RUVPN on WG, then look below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1279/kw/vpn/p/214

Thank you.
0
 

Author Comment

by:jumpassociates
ID: 33477153
Hmm..perhaps I need to clarify.
When client of ours come to our office and are behind our firewall, they can connect to their various VPNs with their home offices. Sometimes they use Cisco VPN, sometimes Juniper.
They can always connect with their VPN, but once they are connected, they can't ping their servers or even browse their shares.
Is there something that needs to be done on my firewall (Watchguard) to allow other VPN connections to work while people are behind it?
 
Thanks!
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 33477438
Most probably when they connect using the VPN client from behind the firewall; the remote VPN is zero route tunnel where all traffic from their adapter is routed over VPN including local network traffic; implementing spli-tunnel VPN tunnels on the remote firewall would solve the problem.

There is no setting required on your end as the firewall is merely internet provider to the clients.

Thank you.
0
 

Author Comment

by:jumpassociates
ID: 33477901
Thanks for the feedback.
I'm trying to zero in on a permanent answer to give to my higher ups. Unfortunately, they connect to a major corporations' VPNs from behind our Watchguard firewall. It used to work last week, but now, after they see "connected" on their Cisco or Juniper client, they cannot browse the shares.
What can I suggest to these outside companies to allow them to browse their shares?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 33481537
Do you have Outgoing policy for allowing all traffic originating on the trust/optional network to go to Untrust network; if yes, then there is no other setting in WG which you can tweak.

Are they able to ping the resources by IP and name; if only IP and not name then it is DNS/WINS issue; have same DNS/WINS IP [secondary] as that of the remote VPN network would resolve the issue.

Are they able to browse to remote resources and use name if on different internet connection [when not behind WG]. If no, then the problem is certainly not with WG.

Frankly, I would not troubleshoot the remote resource connectivity issue as WG has no role to play other than to provide internet connectivity to the clients.
Once the tunnel the up between remote network and VPN client, WG would not be able to inspect any packet that flows through it as it would be encrypted, all WG would do with packet is to forward to ISP and back.

Thank you.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question