Archived from groups: comp.security.firewalls
"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79c3b5ec71fbf798a846@news-server.columbus.rr.com...
> In article <l4SPc.18069$Jq2.798148@news20.bellglobal.com>,
> stevendrury@sympatico.ca says...
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b79b3e4bee26198a845@news-server.columbus.rr.com...
> > > In article <nuRPc.17990$Jq2.789085@news20.bellglobal.com>,
> > > stevendrury@sympatico.ca says...
> > > > "Leythos" <void@nowhere.com> wrote in message
> > > > news:MPG.1b7892a2ad2fa5b098a832@news-server.columbus.rr.com...
> > > > > In article <y4zPc.11700$Jq2.485521@news20.bellglobal.com>,
> > > > > stevendrury@sympatico.ca says...
> > > > > [snip]
> > > > > > I can vpn to the router and then ping only one of the servers. I can then
> > > > > > map a drive using the IP Address of that server the server asks me to login
> > > > > > which works no problem.
> > > > > > The subnet of our network is 255.255.255.0 and the ip addresses are
> > > > > > 10.10.10.0. The network I am using to vpn is 192.168.0.0 with a subnet of
> > > > > > 255.255.255.0. What I want to set up is so that our users can vpn in from
> > > > > > home to check their email and do work if they need to. However the server
> > > > > > they need to get to I can not access. Does this make any sense.
> > > > >
> > > > > Ok, so, you can ping one server, and map a share to it, but not the
> > > > > other servers.
> > > > >
> > > > > So, the question is simple - what is the difference between the network
> > > > > settings on the server you can connect to and the ones you can't connect
> > > > > to?
> > > > >
> > > > > If you can't ping them by IP address (and the ANY_PPTP rule should allow
> > > > > you total access if you set it up correctly), then it's got to be some
> > > > > form of subnet issue.
> > > > >
> > > > > Did you set up the Network Configuration TAB properly - meaning that your
> > > > > network Trusted interface should be 10.10.10.0/24 and you need to then
> > > > > go into the BLOCKED SITES settings (in 7.1 you find this under Setup,
> > > > > Intrusion Prevention, and the Blocked Sites - remove the 10.0.0.0/8 and
> > > > > the 192.168.0.0/16 values (or whatever they are for 10.x.y.x and
> > > > > 192.168.x.y).
> > > > >
> > > > > In the Windows XP VPN connection I have "Security Tab", X Advanced
> > > > > Settings, X Allow these Protocols, check everything except "For MS_CHAP
> > > > > based...." (the last box). I also have "Require encryption, disconnect
> > > > > if server declines".
> > > > >
> > > > > Under the Networking Tab I have TYPE OF VPN set to PPTP VPN, and under
> > > > > TCP/IP I have DHCP for IP, but I use a fixed IP address of the trusted
> > > > > network's DNS server for DNS (so it would be 10.10.10.x for yours). I
> > > > > also have "Use remote gateway" checked under the advanced options. Under
> > > > > Advanced TAB, I do not have anything checked - no ICF and don't allow
> > > > > other users to connect through this connection...
> > > > >
> > > > > Double check everything, make sure that you've got your IP Addresses and
> > > > > MASK's set properly - a 255.255.255.0 is a /24.
> > > > >
> > > > > let me know if this works.
> > > > >
> > > > >
> > > > > --
> > > > > --
> > > > > spamfree999@rrohio.com
> > > > > (Remove 999 to reply to me)
> > > > Hello again,
> > > > I have checked the network configuration and it is as follows.
> > > > Trusted interface is 10.10.10.7/24
> > > > There is nothing in the blocked Sites
> > > >
> > > > as for the network setting all of our servers are assigned an Ip address
> > > > which is 10.10.10.x with a subnet of 255.255.255.0 the DNS server is
> > > > 10.10.10.1 so all servers point to it as the Primary. I also just created a
> > > > Secondary DNS it is 10.10.10.2
> > > > As for the AnyPPTP rule it looks like this
> > > > Incoming Enabled and allowed
> > > > From - PPTP_Users
> > > > To - External
> > > > Firebox
> > > > Optional
> > > > Trusted
> > > >
> > > > Outgoing Enabled and allowed
> > > > From - External
> > > > Firebox
> > > > Optional
> > > > Trusted
> > > > To - PPTP_Users
> > > >
> > > > I have connected via a VPN from outside of our network and every time I
> > > > connect I can only ping 1 or 2 servers. I am unable to ping our main server
> > > > which has the logins and exchange however I just mapped to our applications
> > > > server and copied files from my computer to it.
> > > >
> > > > What I find really strange is that sometimes I can ping and connect to one
> > > > server but the next time I can not. I am beginning to get frustrated.
> > >
> > > You need to look at the real-time logs, but I suspect that the problem
> > > is not with the firebox. What version of the Firmware are you running?
> > >
> > > --
> > > --
> > > spamfree999@rrohio.com
> > > (Remove 999 to reply to me)
> >
> > The firmware version that I am using looks like it is 6.0.B1140 That's what
> > it says under help and watchguard version
>
> There were several problems with the 6.0 series. You need to download
> the 7.1 series from their website. This may fix several problems for
> you. If you don't have a maintenance agreement with them (renewable
> every year) you won't be able to get the files.
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
Thanks will look into that You have been a great help thanks a lot.
Steven
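
The subnet checks Leythos describes in this thread (Blocked Sites entries that cover either network, and every server's IP and mask agreeing with the Trusted network), as an added example that is not part of the original posts. The Blocked Sites entries are assumed to be still present, and the `app` server with its wrong mask is constructed for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress


def audit(trusted_if, remote_net, blocked_sites, servers):
    """Return findings for the subnet checks discussed in the thread.

    trusted_if    -- Trusted interface as address/prefix, e.g. "10.10.10.7/24"
    remote_net    -- network the VPN user connects from
    blocked_sites -- CIDR entries on the Blocked Sites list
    servers       -- {name: (ip, dotted_mask)} as configured on each server
    """
    findings = []
    # ip_interface accepts a host address and exposes the network it sits in.
    trusted = ipaddress.ip_interface(trusted_if).network
    remote = ipaddress.ip_network(remote_net)

    # A Blocked Sites entry covering either side is one the thread says to remove.
    for entry in blocked_sites:
        blocked = ipaddress.ip_network(entry)
        for label, net in (("trusted", trusted), ("remote", remote)):
            if blocked.overlaps(net):
                findings.append(f"blocked site {blocked} covers {label} network {net}")

    # Each server's own IP and mask must resolve to the Trusted network.
    for name, (ip, mask) in sorted(servers.items()):
        net = ipaddress.ip_interface(f"{ip}/{mask}").network
        if net != trusted:
            findings.append(f"{name}: {ip} mask {mask} is {net}, not {trusted}")
    return findings


# Addresses quoted in the thread; "app" is a constructed misconfigured server.
TRUSTED_IF = "10.10.10.7/24"
REMOTE_NET = "192.168.0.0/24"
BLOCKED = ["10.0.0.0/8", "192.168.0.0/16"]   # assumed still on the list
SERVERS = {
    "dns1": ("10.10.10.1", "255.255.255.0"),
    "dns2": ("10.10.10.2", "255.255.255.0"),
    "app": ("10.10.10.20", "255.255.0.0"),   # constructed: wrong mask
}

if __name__ == "__main__":
    for line in audit(TRUSTED_IF, REMOTE_NET, BLOCKED, SERVERS):
        print(line)
```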