How to allow users VPNed into a Firebox access to the Internet?

[Jazzysmooth]

Hi,

I've been asked to come in and finish a networking project that another consultant left. The company has a Watchguard Firebox (I apologize, I don't know which model) and their local LAN is using 10.136.X.X addressing. The Firebox was initially handing out 10.136.X.X VPN addresses, but I changed it to private class B (172.16.X.X) to fix a problem getting to Windows 2000 machines. While the VPN IPs were in the same class A address as the local network, the VPN users were able to reach the Internet while VPNed in - they can't anymore. Even though I asserted that allowing this is basically creating a gateway into their internal network for hackers, they still want to allow it.

So my question is, does anyone know what needs to be done on the firebox to allow VPN users to access the internet?

 

[ashleym]

Are the VPN users using the remote user vpn software? What is their OS, windows 9x or 2000?

Sounds to me like a routing issue. What is the default gateway for the VPN users? I am assuming when the VPN users had IP's that were on the local subnet, their default gateway was the same as the firebox? You have to define a gateway for the remote users so their packets know how to get out to the interenet.

Does the client have a LIve security key for their firebox? If you are unsure, get the serial number from the unit (on the back) and call watchguard support.

AM

 

[Guest_imported]

In Microsoft VPN Client you go to: properties/networking/TCPIP/properties/advanced/ and
Uncheck "use default gateway on remote network".
I haven't seen the Firebox client yet, but the solution must be similar...

Cheers,

F1