Solved

VPN

Posted on 2010-11-17
Last Modified: 2013-11-16
I have a WatchGuard X550e in my office.
I want to set up a VPN policy for my users so that they can access their e-mail remotely.

We have Windows Server 2010 and Outlook 2007 clients.

They are currently using RDC, which is on a terminal server.

I want to implement a VPN policy in my organization.

I am new to VPN and WatchGuard.

1) Which kind of policy should I implement?
2) What configuration do I have to do in Policy Manager?
Question by:pramod1
6 Comments
 
LVL 5

Expert Comment

by:rotech_IT
ID: 34159743
You will want to set up a Mobile User VPN (with IPSec) on the WatchGuard device.

Log in to the Firebox; on the left, open "VPN". Click Mobile VPN with SSL.

Check the enable VPN checkbox. Enter all of the required information as needed. On the advanced tab, enter your internal DNS server IP.

Be sure to create user accounts on the firewall for each person that will want access to the VPN.

The users who wish to access the VPN will now need to install the client and use it to connect. You should be able to download the client here: https://<YourFireboxIP>:4100. Just plug your firewall's IP in where it says <YourFireboxIP>. Users will need to log in using the credentials you specified when creating their user on the firewall.

Don't try to test VPN connectivity from behind your firewall, as this will most likely fail. Set it all up and test from another network, such as your home.

0
 
LVL 6

Accepted Solution

by:
Jon Snyderman earned 500 total points
ID: 34164255
If I may make some clarification and a recommendation...

1. For the sake of avoiding confusion, I agree with the SSL VPN process, but Rotech's first line refers to Mobile User VPN (with IPSec). This is a different and older client and completely different from the recommended SSL client.

2. Before trying to set this up, you should check your licensing. If you do not have additional mobile user licenses or Fireware PRO, you will not be able to run more than one connection concurrently.

3. You also need to check your firewall's OS level. The port 4100 changes to standard port 443 at 11.3.

4. Setting up the SSL VPN can be a little confusing for somebody not familiar with TCP/IP concepts, routing and firewall policies. I would suggest that we give a more detailed solution. But we need information like the OS level of the firewall and the internal IP address range.

5. Lastly, what email package are you running? For the purpose of email, I would recommend investigating alternative solutions other than VPN. Giving someone access to VPN is giving them the keys to the kingdom and not the best solution for all problems.

~Jon
0
 

Author Closing Comment

by:pramod1
ID: 34165024
I am running Fireware v10.2.6.

My IP is 192.168.1.1.

I have Outlook 2007 running on workstations and want remote users to log in to the VPN and open Outlook,
as well as print to the local printer which is attached to their machines.

In RDC they cannot print to their local printer, as they are connected remotely to the terminal server.

When connected to the VPN they can open their Outlook on their machine and print locally.
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34165117
OK, SSL is not implemented in 10.2.6, so step 1 is definitely to upgrade to 11.3.2+. There are MAJOR new features and functionality.

What is your internal mail server? Exchange 2003, 2007, 2010, MDaemon, etc.? You still may not need VPN.

~Jon
0
 

Author Comment

by:pramod1
ID: 34165493


Exchange 2010 Standard

How come SSL is not implemented in 10.2.6?

Why won't I need VPN?

Jon, can you reply?
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34165690
With Exchange 2007 and 2010, you can really easily implement Outlook Anywhere, which would allow Outlook clients to connect DIRECTLY to the mail server using a public SSL cert ($100/yr) and no VPN. They would have 100% full functionality within Outlook and no need for the VPN.

SSL implementation is new to WG. I don't recall if it was there in 10.2 or if it was a new feature of v11. However, it definitely did not work well until 11.3. Under your circumstances, I would not recommend it as the best solution though.

Set up Outlook Anywhere and be done. For Outlook Anywhere assistance, I would open a new question. But the long and short of it is...
1) Configure Outlook Anywhere in Exchange. Same type of configuration as Active Sync.
2) Purchase the cert.
3) Request a cert from the CA with the CSR generated from Exchange.
4) Install the cert in Exchange.
5) Create a DNS entry for Autodiscover.{domain name}.com to point to your external IP, which should be the same as OWA and also the same as your MX record.
6) Create an HTTPS rule in the firewall to direct HTTPS traffic from the public IP to your Exchange server.
7) Should be done. Also, your iPhones, Androids, Blackberries, Windows Mobile devices will all work better.

~Jon
0
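A post-setup check for the certificate and DNS steps in the Outlook Anywhere list above, as an added example that is not part of the original thread. It assumes a certificate dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()` and a name-to-IP map; the host names, the 203.0.113.10 address and all sample data are constructed placeholders.

```python
import ssl

def san_covers(san, host):
    """True if one certificate DNS name covers host (wildcard = one label)."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return san == host

def audit(cert, resolved, mail_host, domain, now, warn_days=30):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    autodiscover = "autodiscover." + domain
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    # Outlook validates the certificate against every name it connects to,
    # so both the mail host and the Autodiscover name must be covered.
    for host in (mail_host, autodiscover):
        if not any(san_covers(s, host) for s in sans):
            findings.append("certificate does not cover " + host)
    # Step 5: Autodiscover should point at the same external IP as the mail host.
    if autodiscover not in resolved:
        findings.append(autodiscover + " does not resolve")
    elif resolved[autodiscover] != resolved.get(mail_host):
        findings.append(autodiscover + " resolves to a different IP than " + mail_host)
    # A yearly certificate that lapses breaks every remote Outlook client at once.
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < warn_days:
        findings.append("certificate expires in %d days" % days_left)
    return findings

# Constructed sample data (hypothetical names, documentation-range address).
NOW = ssl.cert_time_to_seconds("Nov 17 00:00:00 2010 GMT")
GOOD_CERT = {"subjectAltName": (("DNS", "mail.example.com"),
                                ("DNS", "autodiscover.example.com")),
             "notAfter": "Nov 17 00:00:00 2011 GMT"}
BAD_CERT = {"subjectAltName": (("DNS", "mail.example.com"),),
            "notAfter": "Dec  1 00:00:00 2010 GMT"}
GOOD_DNS = {"mail.example.com": "203.0.113.10",
            "autodiscover.example.com": "203.0.113.10"}
BAD_DNS = {"mail.example.com": "203.0.113.10"}

if __name__ == "__main__":
    print(audit(GOOD_CERT, GOOD_DNS, "mail.example.com", "example.com", NOW))
    print(audit(BAD_CERT, BAD_DNS, "mail.example.com", "example.com", NOW))
```

In live use the certificate dictionary would come from a TLS connection to port 443 on the public IP and the map from real DNS lookups made outside the office network.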
