Re: Watch Guard Firebox 1000 and VPN
From: Leythos (void_at_nowhere.com)
Date: Mon, 02 Aug 2004 22:56:21 GMT
In article <y4zPc.11700$Jq2.firstname.lastname@example.org>,
> I can vpn to the router and then ping only one of the servers. I can then
> map a drive using the IP Address of that server the server asks me to login
> which works no problem.
> The subnet of our network is 255.255.255.0 and the ip addresses are
> 10.10.10.0. The network I am using to vpn is 192.168.0.0 with a subnet of
> 255.255.255.0. What I want to set up is so that our users can vpn in from
> home to check their email and do work if they need to. However the server
> they need to get to I can not access. Does this make any sense?
Ok, so, you can ping one server, and map a share to it, but not the
So, the question is simple - what is the difference between the network
settings on the server you can connect to and the ones you can't connect
If you can't ping them by IP address (and the ANY_PPTP rule should allow
you total access if you set it up correctly), then it's got to be some
form of subnet issue.
Did you set up the Network Configuration TAB properly - meaning that your
network Trusted interface should be 10.10.10.0/24 and you need to then
go into the BLOCKED SITES settings (in 7.1 you find this under Setup,
Intrusion Prevention, and the Blocked Sites - remove the 10.0.0.0/8 and
the 192.168.0.0/16 values (or whatever they are for 10.x.y.x and
In the Windows XP VPN connection I have "Security Tab", X Advanced
Settings, X Allow these Protocols, check everything except "For MS_CHAP
based...." (the last box). I also have "Require encryption, disconnect
if server declines".
Under the Networking Tab I have TYPE OF VPN set to PPTP VPN, and under
TCP/IP I have DHCP for IP, but I use a fixed IP address of the trusted
network's DNS server for DNS (so it would be 10.10.10.x for yours). I
also have "Use remote gateway" checked under the advanced options. Under
Advanced TAB, I do not have anything checked - no ICF and don't allow
other users to connect through this connection...
Double check everything, make sure that you've got your IP Addresses and
MASKs set properly - a 255.255.255.0 is a /24.
Let me know if this works.
-- -- email@example.com (Remove 999 to reply to me)
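
Added example, not part of the original post: a small Python check of the two things the reply asks about, namely whether Blocked Sites entries cover the trusted or client network, and whether each server's address and mask match the trusted 10.10.10.0/24 interface. The networks and blocked ranges are the ones named in the thread; the server names, addresses and masks are constructed for illustration.

```python
import ipaddress

# Values taken from the thread.
TRUSTED = ipaddress.ip_network("10.10.10.0/255.255.255.0")      # office LAN
CLIENT_LAN = ipaddress.ip_network("192.168.0.0/255.255.255.0")  # home network
BLOCKED_SITES = ["10.0.0.0/8", "192.168.0.0/16"]

# Constructed sample data: these servers and their settings are hypothetical.
SERVERS = {
    "server-a": ("10.10.10.5", "255.255.255.0"),
    "server-b": ("10.10.10.6", "255.255.0.0"),    # mask does not match the LAN
    "server-c": ("10.10.11.7", "255.255.255.0"),  # address outside the LAN
}


def blocked_conflicts(networks, blocked_sites):
    """Return (name, blocked_entry) pairs where a blocked range covers a needed network."""
    hits = []
    for name, net in networks.items():
        for entry in blocked_sites:
            if net.overlaps(ipaddress.ip_network(entry)):
                hits.append((name, entry))
    return hits


def check_server(address, mask, trusted):
    """Compare one server's address and mask with the trusted interface network."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    problems = []
    if iface.ip not in trusted:
        problems.append(f"{iface.ip} is outside {trusted}")
    if iface.network.prefixlen != trusted.prefixlen:
        problems.append(
            f"mask {mask} is /{iface.network.prefixlen}, expected /{trusted.prefixlen}"
        )
    return problems


if __name__ == "__main__":
    needed = {"trusted": TRUSTED, "client": CLIENT_LAN}
    for name, entry in blocked_conflicts(needed, BLOCKED_SITES):
        print(f"Blocked Sites entry {entry} covers the {name} network {needed[name]}")
    for name, (addr, mask) in SERVERS.items():
        for problem in check_server(addr, mask, TRUSTED):
            print(f"{name}: {problem}")
```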