
Really simple question 192.168.1.0 /24

Status
Not open for further replies.

IndyGill

Technical User
Jan 15, 2001
191
GB
I'm new to networking and have been given the task of setting up Mobile User VPN on a Firebox 700. I have got it set up and the MUVPN connection is working fine (however, I do not get any DNS resolution). I have given the client key the following access: 192.168.1.0 /24

So this gives the remote client machine access to the whole of my network; however, what does this /24 really mean? What other switches are there? I would like to find out a bit more about them, as I want to set up client keys that will restrict the user to a certain range of IPs on the network.

Sorry for being a bit basic, but I'm new to this network lark.

Thanks in advance
 
You're probably missing an ANY rule to allow traffic backwards and forwards.

Add a new service under policy manager. The service is called ANY. Allow from ipsec_users and pptp_users to trusted and vice versa.

That should solve that side of it.

As for DNS resolution, you need to configure the Firebox to use the virtual adapter mode for MUVPN clients. This way, DNS and WINS settings are pushed down to the client.
 
As for the /24 - that is CIDR. It represents the number of bits from the left of the IP that are network bits (otherwise known as a subnet mask). Thus a /24 (8 bits x 3 = 24) would represent 255.255.255.0.

That was a really quick explanation, but the gist is that /24 is a representation of a subnet mask and is not a switch.
 
Hi

Thanks for the above. I have just noticed another little problem I am having. The MUVPN works when I am using a standard 56K dial-up method (I can ping the host network); however, if my client is on a remote LAN it does not work properly?

The remote client gains access to the web via the LAN, and a connection is made via MUVPN; however, I can't ping anything from the remote client to the host network. Do I need to make an amendment to the LAN card on the remote client?

Many thanks
 
If you are using the SafeNet client - make sure the Deterministic Network Enhancer is checked for the interface in Network Properties.

Additionally, if there is any kind of firewall on that LAN, some kind of IPSec passthrough would need to be configured.
 
OK, the situation so far is that I have managed to get my laptop, which is on a small LAN, to connect to my remote network. I have used the virtual adapter and this all connects well and fine. I have added the ANY service to the Policy Manager and the relevant users; however, I do not get any DNS.

Q1) stiles123 mentioned that I should configure the Firebox to use the virtual adapter mode for MUVPN clients. How do I check this?

Q2) How do I test my connection? Will ping work? The small LAN uses a workgroup and an IP address range of 192.168.1.1 to 192.168.1.5. My remote network is on a domain with an IP range of 192.168.1.1 to 192.168.1.200.

So if I try and ping from the Laptop 192.168.1.10 (a valid machine on the remote network) will it search the Local Workgroup network or the Domain network? It just returns a request timed out.

Basically what I am trying to do is give an application that will be on the laptop access to a sql-server database. So it just needs an IP address to respond back and allow requests to it.

Sorry to be a pain, thanks in advance
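
An added example, not part of the original thread: a Python sketch of the CIDR notation explained above (/24 as a subnet mask), of turning an address range into the CIDR blocks a restricted client key would need, and of checking whether the laptop's LAN and the remote network use overlapping addresses, as the two ranges in the last post do. The 192.168.1.10 to 192.168.1.20 range and the /24 mask on the small LAN are assumptions made for illustration; the helper names are hypothetical.

```python
import ipaddress

def prefix_to_mask(prefix_len):
    """Dotted-quad subnet mask for a CIDR prefix length (24 -> 255.255.255.0)."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)

def range_to_cidrs(first, last):
    """Smallest set of CIDR blocks covering exactly first..last inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def is_allowed(address, cidrs):
    """True if address falls inside any of the permitted CIDR blocks."""
    addr = ipaddress.ip_address(address)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def networks_overlap(local_cidr, remote_cidr):
    """True if the client's own LAN and the VPN-side network share addresses."""
    return ipaddress.ip_network(local_cidr).overlaps(
        ipaddress.ip_network(remote_cidr))

def on_local_link(dest, local_cidr):
    """True if the client treats dest as part of its own LAN subnet."""
    return ipaddress.ip_address(dest) in ipaddress.ip_network(local_cidr)

if __name__ == "__main__":
    # /24 means 24 network bits, i.e. mask 255.255.255.0 (256 addresses).
    for bits in (24, 28, 30):
        print(f"/{bits} -> {prefix_to_mask(bits)}")

    # Constructed example: limit a client key to hosts .10 through .20
    # instead of the whole 192.168.1.0/24.
    restricted = range_to_cidrs("192.168.1.10", "192.168.1.20")
    print("restricted access list:", restricted)
    print("192.168.1.15 allowed:", is_allowed("192.168.1.15", restricted))
    print("192.168.1.50 allowed:", is_allowed("192.168.1.50", restricted))

    # Ranges from the thread; the /24 mask on the small LAN is an assumption.
    local_lan, remote_net = "192.168.1.0/24", "192.168.1.0/24"
    print("address spaces overlap:", networks_overlap(local_lan, remote_net))
    print("192.168.1.10 looks local to the laptop:",
          on_local_link("192.168.1.10", local_lan))
```

An address range that does not fall on a power-of-two boundary needs several CIDR entries, which is why the restricted list above has four blocks rather than one.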
 