WatchGuard and VPN client software

Anonymous
June 4, 2004 9:01:29 PM

Archived from groups: comp.security.firewalls

Well,

VPN to work didn't work. I talked to Admin.

He gave me a series of UDP port numbers, IP 50 and IP xxx.xxx.xxx.xxx to
connect to the VPN server from the WG.

I went to Custom Service on WG Admin screen.

I assume I am to create a custom service.

1) enter the UDP port numbers
2) Incoming filter ANY and set the Host IP
3) Outgoing filter ANY and set the Host IP

I am not too sure about the job's VPN IP xxx.xxx.xxx.xxx as I want to
limit it to that IP.

Is 1-3 correct above as to what I am supposed to do?

Duane :) 
Anonymous
June 4, 2004 11:49:38 PM

In article <Xns94FE7A531C0E7notmenotmecoml@204.127.199.17>,
notme@notme.com says...
> Well,
>
> VPN to work didn't work. I talked to Admin.
>
> He gave me a series of UDP port numbers, IP 50 and IP xxx.xxx.xxx.xxx to
> connect to the VPN server from the WG.
>
> I went to Custom Service on WG Admin screen.
>
> I assume I am to create a custom service.

The VPN you are talking about has nothing to do with the WG unit - you
are trying to do a Client VPN, through the WG unit.

If you check, there are several UDP/TCP ports that are needed, it varies
depending on whose client software you are running. Why not just create
an ANY rule from your IP to their IP? If it works then you can start
messing with the actual ports.


--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
June 5, 2004 4:45:55 PM

In article <Xns94FF4B387A761notmenotmecoml@204.127.204.17>,
notme@notme.com says...
> It did work 3 months ago the last time I checked through the Linksys
> after they had installed a new version of the VPN software.

Some VPN clients won't work through a Dual NAT setting - meaning that if
your company is using NAT and you are using NAT, it won't work (for some
clients).

Also, if they are using the same subnet that you are using it won't work.

The easy way to test it, if you have the resources, is to give the PC a
public IP and try the VPN then.

If all else fails, the WG Logs (enable them) should show any in/out
bound information in the web interface - if you don't see any blocks
then it's on their end.

--
spamfree999@rrohio.com
(Remove 999 to reply to me)
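
The two failure causes named in the reply above (a home LAN that shares the remote subnet, and NAT at both ends) can be checked offline before any firewall rule is changed. This is an added example, not part of the original thread; the addresses, the remote network list and the `remote_uses_nat` flag are constructed assumptions that would come from the VPN administrator.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly: ipaddress.is_private also covers
# documentation ranges such as 203.0.113.0/24, which stand in for public IPs here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_overlaps(local_lan, remote_nets):
    """Remote networks whose address range collides with the local LAN."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    remotes = [ipaddress.ip_network(c, strict=False) for c in remote_nets]
    return [r for r in remotes if lan.overlaps(r)]

def suggest_local_lan(remote_nets, pool="192.168.0.0/16", prefixlen=24):
    """First subnet of the private pool that collides with no remote network."""
    remotes = [ipaddress.ip_network(c, strict=False) for c in remote_nets]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(r) for r in remotes):
            return candidate
    return None

def behind_nat(pc_address):
    """True when the PC holds an RFC 1918 address, i.e. the router translates it."""
    addr = ipaddress.ip_address(pc_address)
    return any(addr in net for net in RFC1918)

def diagnose(pc_address, local_lan, remote_nets, remote_uses_nat):
    """Findings for the two causes named in the reply: shared subnet and dual NAT."""
    findings = []
    clashes = find_overlaps(local_lan, remote_nets)
    if clashes:
        names = ", ".join(str(c) for c in clashes)
        findings.append(f"subnet-overlap: {local_lan} collides with {names}; "
                        f"a free alternative is {suggest_local_lan(remote_nets)}")
    if behind_nat(pc_address) and remote_uses_nat:
        findings.append("dual-nat: PC is behind NAT and the remote side also uses NAT")
    return findings

if __name__ == "__main__":
    # Constructed sample values; the remote networks and NAT flag would come from the VPN admin.
    remote = ["192.168.0.0/23", "10.20.0.0/16"]
    for line in diagnose("192.168.1.100", "192.168.1.0/24", remote, remote_uses_nat=True):
        print(line)
    # Same check with the PC given a public address directly, as the reply suggests testing.
    print(diagnose("203.0.113.5", "203.0.113.0/29", remote, remote_uses_nat=True))
```

An empty result from both checks points back to the firewall logs or the remote end, as the reply says.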
Anonymous
June 5, 2004 9:20:54 PM

Leythos <void@nowhere.com> wrote in news:MPG.1b2b8c235208146898a5ee@news-server.columbus.rr.com:

> The easy way to test it, if you have the resources, is to give the PC a
> public IP and try the VPN then.

I did that by provisioning a second MAC with the ISP. The NIC MAC of the
work laptop with BlackIce installed and made a direct connect. It didn't
work.

Then I reconfigured the Linksys router back to its state when the VPN
client did work cloning the NIC MAC for the router's WAN port and got a
good Internet connection. I uninstalled BI and it's still a no go.

It's something on the job's end that has changed, since the last time I
tried to VPN to work.

I'll check it out on Monday.

Duane :) 