Connect to VPN through a Watchguard Firebox X

Posted on 2011-05-05
Medium Priority
Last Modified: 2012-05-11
One of our vendors is trying to connect to his company's VPN through our network and we
cannot make the connection.  I have a wireless connection with dynamic IPs for the LAN and
a static IP for the WAN.  We have full internet access through the wireless connection but are not
able to connect to the VPN.  Our system is a Dell PowerEdge server operating on Windows Server
Standard FE and a Watchguard Firebox X Edge.  I did not configure the Watchguard so I am just
learning it.  My guess is it's a setting in the firewall blocking access to the VPN.  Any ideas?
Question by:beltu1

Accepted Solution

techfortat earned 1000 total points
ID: 35701387
Chances are he is trying to connect using PPTP or L2TP and the passthrough is not enabled on your firewall. It's sometimes a checkbox. That would be the easiest thing to rule out first.
Is the Watchguard also the internet gateway? If not, what is the gateway? Do you have access to the gateway administration?

Find out what he is using to connect to the VPN at his office, such as Cisco VPN Client, AT&T Dialer, Windows VPN connection or some other third-party software. The type of client will help determine what type of VPN he is trying to connect to, or will allow me to better instruct you on how to find out.

My questions to you:
What VPN client is he using?
Is the Watchguard your primary gateway?
 If so, do you have admin access to the Watchguard?

An easy fix if you do have access to the Watchguard and it is the primary gateway: just add his internal IP to the DMZ to share the IP address of your firewall, placing him on the outside and opening every port to him. (I do not suggest this, but if you are in a pinch and need him to have immediate access until you figure out the issue, this will work.)

Get back to me with answers to the above questions.

**Suggestions/Recommendations for future and better practice**
On another note, if you are running wireless, it should be on a totally different internet connection for security reasons, and if people on the wireless connection reside in the office, they should be using a VPN to form a tunnel into the network. That is the only secure wireless setup, because all wireless encryptions are breakable, or you must assume so. Thus you would have a wireless router that only has access to the internet and is not monitored by the security device mentioned above, causing a variable.

Author Comment

ID: 35701474
I will gather the information and get it back to you.  I do have administrative access to the Watchguard
and I believe it is the primary gateway, but will check to be sure.  Thanks for the response.

Assisted Solution

setasoujiro earned 1000 total points
ID: 35713113
In the Watchguard you need to add a policy, either "pptp" or "ipsec" or whatever you use, from external to any-trusted.
And I also think you're better off letting the Edge handle the incoming VPNs (since it has a built-in IPsec/PPTP/SSL VPN server).

Author Closing Comment

ID: 35770802
Got it working...many thanks!
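
The passthrough check and the "pptp"/"ipsec" policy suggested in the answers above both come down to which flows the firewall lets out. The sketch below is an added example, not part of the original thread and not WatchGuard code: it reads firewall flow records and reports which piece of a VPN connection is being denied. The key=value log layout, the addresses and the `diagnose` function name are assumptions made for illustration; the port and protocol numbers are the standard ones for PPTP and IPsec.

```python
import re
from collections import defaultdict

# Flows a firewall sees for each VPN type: (protocol, dest port) -> role.
# 47 (GRE) and 50 (ESP) are IP protocol numbers and carry no ports.
VPN_FLOWS = {
    "PPTP": {("tcp", 1723): "control (TCP 1723)",
             ("47", 0): "tunnel data (GRE)"},
    "IPsec/L2TP": {("udp", 500): "IKE (UDP 500)",
                   ("udp", 4500): "NAT-T (UDP 4500)",
                   ("50", 0): "tunnel data (ESP)"},
}

# Constructed sample records in a generic key=value layout (an assumption,
# not WatchGuard's real log format). 10.0.0.50 stands in for the vendor laptop.
SAMPLE_LOG = """\
action=allow src=10.0.0.50 dst=203.0.113.10 proto=tcp dport=1723
action=deny src=10.0.0.50 dst=203.0.113.10 proto=47 dport=0
action=allow src=10.0.0.50 dst=198.51.100.7 proto=udp dport=500
action=allow src=10.0.0.50 dst=198.51.100.7 proto=udp dport=4500
action=allow src=10.0.0.50 dst=192.0.2.80 proto=tcp dport=443
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def diagnose(log_text):
    """Return {(src, dst): {vpn_type: [denied roles]}} for VPN-looking flows."""
    result = defaultdict(dict)
    for line in log_text.splitlines():
        rec = dict(FIELD.findall(line))
        if not {"action", "src", "dst", "proto"} <= rec.keys():
            continue  # not a flow record
        flow = (rec["proto"].lower(), int(rec.get("dport", 0)))
        for vpn, flows in VPN_FLOWS.items():
            if flow in flows:
                denied = result[(rec["src"], rec["dst"])].setdefault(vpn, [])
                if rec["action"] == "deny" and flows[flow] not in denied:
                    denied.append(flows[flow])
    return dict(result)

if __name__ == "__main__":
    for (src, dst), vpns in diagnose(SAMPLE_LOG).items():
        for vpn, denied in vpns.items():
            status = "blocked: " + ", ".join(denied) if denied else "passing"
            print(f"{src} -> {dst}  {vpn}: {status}")
```

In the constructed sample the PPTP control connection is allowed while GRE is denied, which is the case where the client reaches the server but the tunnel never comes up; a PPTP policy or passthrough setting has to cover both.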
