Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How I do enable other VPN connections on my Watchguard Firebox X550e

Posted on 2010-08-18
6
Medium Priority
?
1,171 Views
Last Modified: 2013-11-16
Hello,

I have a Watchguard firebox x550e Firewall and I am trying to connect with different VPN companies. I'm trying to connect via Cisco VPN and Juniper Networks.

I can get connected to the vpn but unable to ping any internal IP Address's on the clients network. I know this is a configuration with the Watchguard. if anyone can shed some light I what I am doing wrong or how to fix this that would be great.
0
Comment
Question by:jumpassociates
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:mere-mortal
ID: 33473182
Are you trying to establish a site to site network with the WatchGuard

or

Are you trying to connect through the WatchGuard with a VPN client?

Jason
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33476638
Although you can use other VPN clients, but WG support would not help you unless you use their IPSec client [MUVPN client which is an OEM product from Safenet (also used by Netscreen Secure Remote by Juniper)].

Have a look at link below to configure MUVPN on WG [also client configuration]:
http://watchguard.custhelp.com/app/answers/detail/a_id/2194/kw/muvpn%20with%20ipsec/related/1

If you wish to use PPTP VPN instead, called RUVPN on WG, then look below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1279/kw/vpn/p/214

Thank you.
0
 

Author Comment

by:jumpassociates
ID: 33477153
Hmm..perhaps I need to clarify.
When client of ours come to our office and are behind our firewall, they can connect to their various VPNs with their home offices. Sometimes they use Cisco VPN, sometimes Juniper.
They can always connect with their VPN, but once they are connected, they can't ping their servers or even browse their shares.
Is there something that needs to be done on my firewall (Watchguard) to allow other VPN connections to work while people are behind it?
 
Thanks!
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 33477438
Most probably when they connect using the VPN client from behind the firewall; the remote VPN is zero route tunnel where all traffic from their adapter is routed over VPN including local network traffic; implementing spli-tunnel VPN tunnels on the remote firewall would solve the problem.

There is no setting required on your end as the firewall is merely internet provider to the clients.

Thank you.
0
 

Author Comment

by:jumpassociates
ID: 33477901
Thanks for the feedback.
I'm trying to zero in on a permanent answer to give to my higher ups. Unfortunately, they connect to a major corporations' VPNs from behind our Watchguard firewall. It used to work last week, but now, after they see "connected" on their Cisco or Juniper client, they cannot browse the shares.
What can I suggest to these outside companies to allow them to browse their shares?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 33481537
Do you have Outgoing policy for allowing all traffic originating on the trust/optional network to go to Untrust network; if yes, then there is no other setting in WG which you can tweak.

Are they able to ping the resources by IP and name; if only IP and not name then it is DNS/WINS issue; have same DNS/WINS IP [secondary] as that of the remote VPN network would resolve the issue.

Are they able to browse to remote resources and use name if on different internet connection [when not behind WG]. If no, then the problem is certainly not with WG.

Frankly, I would not troubleshoot the remote resource connectivity issue as WG has no role to play other than to provide internet connectivity to the clients.
Once the tunnel the up between remote network and VPN client, WG would not be able to inspect any packet that flows through it as it would be encrypted, all WG would do with packet is to forward to ISP and back.

Thank you.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question