Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PPTP VPN With WatchGuard

Status
Not open for further replies.

gthieschafer

Technical User
Jul 14, 2003
1
US
Hey All,

I am having trouble getting access to applications after a successful VPN Authentication with my firebox 700 through a ADSL connection(laptop running XP Pro). Once i am in and recieve an ip address from my dhcp server ipconfig /all (172.16.12.10)i notice that i am recieveing a subnet mask of 255.255.255.255. When the rest of the lan is on a class B subnet. I also can ping to all internal ip addresses however when i try to ping to the devices name there is no response. I am thinking it is a DNS/SUBNET ISSUE however how can i resolve it. I have heard the i need to purchase the MUVPN from watchguard. Can somone help me out???
 
When you do the ipconfig /all, do you find the correct WINS and DNS ip addresses? If not these should be configured in WG Policy Manager at Network => Configuration... WINS/DNS tab.

Your SM is fine. This is a name resolution issue. MUVPN is not required to resolve this.
 
I was under the impression that the Firebox hands out an IP address to PPTP clients, not a DHCP server. You need to manually enter WINS and DNS entries as the WINS/DNS tab of the configuration page only applies to settings handed out to MUVPN using the Virtual Adapter.

Also make sure you have an ANY rule configured on your firewall to allow members of the pptp_users group incoming access to the trusted interface and vice versa going out.
 
Actually the WINS/DNS entries in the FB are handed out with the IP by the FB for a PPTP connection. This much I *know* is accurate.

AFAIK it is not used for MUVPN in any circumstance, though I've not tested it using the MUVPN VA.
 
gthieschafer,

I'm curious if you found a solution to this problem. We just installed a Watchguard 700 and I'm having the exact problem. I can authenticate, establish a connection and then ping internal IP address yet when I bring up my applications they all fail to connect to the servers. I'm using IP addresses for resolution so I do not think it's a name resolution problem. If I look in the traffic monitor, it thinks that the VPN client is spoofing the address and denies access..

10/25/03 15:12 firewalld[103]: deny in pptp0 92 icmp 20 128 172.X.X.94 172.X.X.131 0 0 (spoofed source address)
10/25/03 15:13 firewalld[103]: deny in pptp0 40 tcp 20 128 172.X.X.94 205.X.X.200 1158 5190 ack (spoofed source address)

I changed the actuall IP's to X.X..

Any insight would be greatly appreciated!

 
I'm also having the same problem. I can connect to the VPN. I can ping all internal addreses, I can view the IIS served html pages of all the servers (using their IP address). The DNS Server settings are (checked through ipconfig) are all correct. But I cannot connect to any drives or the exchange server, even just using their IP addresses. I am loggong into the machine using a cached domain logon (ie the machine has logged onto the internal network using the domain logon, and that is the same logon and domain I used to logon to the machine when I am offline).
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top