Connect to VPN through a Watchguard Firebox X

Posted on 2011-05-05
Last Modified: 2012-05-11
One of our vendors is trying to connect to his companies VPN through our network and we
cannot make the connection.  I have a wireless connection with dynamic IP's for the LAN and
a static IP for the WAN.  We have full internet access through the wireless connection but not
able to connect to VPN.  Our system is a Dell Power Edge server operating on Windows Server
Standard FE and a Watchguard Firebox X Edge.  I did not configure the Watchguard so I am just
learning it.  My guess it's a setting in the firewall blocking access to the VPN.  Any ideas?
Question by:beltu1
    LVL 1

    Accepted Solution

    Chances are he is trying to connect using PPTP or L2TP and the passthrough is not enabled on your firewall. its sometimes a checkbox. That would be the easiest thing to rule out first.
    Is the Watchguard also the internet gateway? If not what is the gateway? Do you have access tot he gateway administration?

    Find out what he is using to connect to the VPN at his office such as Cisco VPN Client, AT&T Dialer, Windows VPN connection or some other third-party software? The type of client will help determine what type of VPN in which he is trying to connect or will allow me to better instruct you to discover.

    My questions to you,
    What VPN client is he using?
    Is the Watchgaurd your primary gateway?
     if so, Do you have admin access to the Watchguard?

    An Easy fix if you do have access tot eh watchguard and it is the primary gateway. Just add his internal IP to the DMZ to share the IP address of your firewall placing him on the outside and opening every port to him. ( i do not suggest this but if you are in a pinch and need him to have immediate access until you figure out the issue this will work)

    get back to me with answers to above questions.

    **Suggestions/Recommendations for future and better practice**
    On another note if you are running wireless it should be on a totally different internet connection for security reasons and if people on the wireless connection reside in the office they should be using a VPN to form a tunnel into the network. That is the only secure wireless setup because all wireless encryptions are breakable or you must assume so. Thus you would have a Wireless router that only has access to the internet and not monitored by the Security device mentioned above causing a variable.

    Author Comment

    I will gather the information and get it back to you.  I do have administrative access to the watchguard
    and I believe it is the primary gateway, but will check to be sure.  Thanks for the response
    LVL 14

    Assisted Solution

    in the watchguard you need to add a policy either "pptp" or "ipsec" or whatever you use, from external to any-trusted.
    and i also think you're better off letting the edge handle the incoming vpns(since it has a builtin ipsec/pptp/ssl vpn server)

    Author Closing Comment

    Got it working...many thanks!

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Introduction: Sometimes when I receive a call from my users to solve their problems it is very difficult for me to found their computer IP address. Even finding their computer Host to provide remote support can be a problem.  So I resorted to Goo…
    I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now