Re: Watch Guard Firebox 1000 and VPN

From: Steven Drury (
Date: 08/03/04

Date: Tue, 3 Aug 2004 15:14:02 -0400

"Leythos" <> wrote in message
> In article <y4zPc.11700$>,
> says...
> [snip]
> > I can vpn to the router and then ping only one of the servers. I can
> > map a drive using the IP Address of that server the server askes me to
> > which works no problem.
> > The subnet of our network is and the ip addresses are
> > The network I am using to vpn is with a subnet
> > What what to set up is so that our users can vpn in from
> > home to check their email and do work if they need to. However the
> > they need to get to I can not access. Does this make any sense.
> Ok, so, you can ping one server, and map a share to it, but not the
> other servers.
> So, the question is simple - what is the difference between the network
> settings on the server you can connect to and the ones you can't connect
> too?
> If you can't ping them by IP address (and the ANY_PPTP rule should allow
> you total access if you set it up correctly), then it's got to be some
> form of subnet issue.
> Did you setup the Network Configuration TAB properly - meaning that your
> network Trusted interface should be and you need to then
> go into the BLOCKED SITES settings (in 7.1 you find this under Setup,
> Intrusion Prevention, and the Blocked Sites - remove the and
> the values (or whatever they are for 10.x.y.x and
> 192.168.x.y).
> In the Windows XP VPN connection I have "Security Tab", X Advanced
> Settings, X Allow these Protocols, check everything except "For MS_CHAP
> based...." (the last box). I also have "Require encryption, disconnect
> if server declines".
> Under the Networking Tab I have TYPE OF VPN set to PPTP VPN, and under
> TCP/IP I have DHCP for IP, but I use a fixed IP address of the trusted
> networks DNS server for DNS (so it would be 10.10.10.x for yours). I
> also have "Use remote gateway" checked under the advanced options. Under
> Advanced TAB, I do not have anything checked - no ICF and don't allow
> other users to connect through this connection...
> Double check everything, make sure that you've got your IP Addresses and
> MASK's set properly - a is a /24.
> let me know if this works.
> --
> --
> (Remove 999 to reply to me)
Hello again,
 I have checked the network configuration and it is as follows.
  Trusted interface is
  There is nothing in the blocked Sites

 as for the network setting all of our servers are assigned an Ip address
which is 10.10.10.x with a subnet of the DNS server is so all servers point to it as the Primary. I also just created a
Seondary DNS it is
 As for the AnyPPTP rule it looks like this
 Incoming Enabled and allowed
 From - PPTP_Users
 To - External

 Outgoing Enabled and allowed
 From - External
To - PPTP_Users

I have connected via a VPN from outside of our network and everytime I
connect I can ony ping 1 or 2 servers. I am unable to ping our main server
which has the loggins and exchange however I just mapped to our applications
server and copied files from my computer to it.

What I find really strange is that sometimes I can ping and connect to one
server but the next time I can not. I am beging to get frustrated.