
Symantec/Firewall VPN configuration

Status
Not open for further replies.

fiazmalik

IS-IT--Management
Mar 25, 2004
One of our software vendors is trying to access our XP machine. The machine is behind the firewall "Symantec VPN/Firewall Appliance"; the vendor wants the following changes made to be able to access the machine. I personally don't have a lot of experience with VPN. However, I have already made those changes but the vendor is not able to access the machine... I don't know what I am doing wrong... Can someone help? I would really appreciate it. Thanks in advance.

Symantec VPN hardware device:
Configure to allow XP PC to be accessible from the Internet.
A NAT address MUST be assigned to the Windows XP machine in order for any rules to work!
Network address translation from a public IP address to the XP PC's internal IP address.

Rules:
Terminal Services
Add a rule to allow the following:
WAN range xxx-xx-xxx-xx To xxx-xxx-xx-xxx Windows XP Machine IP Address for port xxxx
This will allow us to work on the PC


HTTP (Web Site)
Add a rule to allow the following:
WAN Range * (any)
To Windows XP Machine IP Address for port 80
This will allow access to IIS from the Internet.

I got the following message from the vendor.....


I cannot access the XP machine using the public address (66.0.155.170). I know that address is available over the internet because I can ping that address. The possible causes to this problem may be with the firewall. Do you know if the public address has been set up with NAT (network address translation) to the XP's internal IP address? If it has, do you know if firewall rules were configured (a firewall rule to allow HTTP from the WAN, a firewall rule to allow terminal services from the WAN and a firewall rule to allow PcAnywhere from the WAN) on the Symantec VPN hardware device?
 
Which firewall do you have? You said "appliance" so I'm assuming a 100, 200, or 200r.

With these devices you configure the NAT and port passthrough under the virtual server or custom virtual server settings. For example, if you have a web server behind the Symantec appliance with an internal IP address of 192.168.1.1, you enable "WEB Server" in the virtual servers settings and enter that IP address. This sets up translation of port 80 of your public IP address to port 80 of the internal IP address of the web server.

There are several common services available under virtual servers. If you need translation to a port whose service is not listed there, you would configure it under custom virtual servers.

You need to set up a virtual server for each port you wish to expose. Different ports may be configured to translate to a different internal IP address if necessary.
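A successful ping only shows that the public address answers ICMP; it says nothing about whether each port has a virtual server behind it. The per-port TCP check below is an added example, not part of the original thread: the names `probe_tcp`, `check_forwards` and `MEANING` are hypothetical, and the demo runs against constructed loopback sockets rather than a real appliance.

```python
import errno
import socket

# What each result suggests about the appliance's configuration for that port.
MEANING = {
    "open": "a virtual server forwards the port and the service answers",
    "refused": "a reset came back, typically nothing listening where the port lands",
    "filtered": "no reply: no virtual server, or this source is not allowed",
}

def probe_tcp(host, port, timeout=3.0):
    """Try a full TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def check_forwards(public_ip, ports, timeout=3.0):
    """Probe every port that is supposed to have a virtual server."""
    return {port: probe_tcp(public_ip, port, timeout) for port in ports}

if __name__ == "__main__":
    # Constructed demo on loopback: one listening socket, one bound but idle.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))
    ports = [listener.getsockname()[1], idle.getsockname()[1]]
    for port, state in check_forwards("127.0.0.1", ports, 1.0).items():
        print(f"tcp/{port}: {state} ({MEANING[state]})")
    listener.close()
    idle.close()
```

Run it from outside the firewall against your own public address, once from an address inside the allowed WAN range and once from outside it, to confirm that the restricted rule is open only to the vendor's range.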
 
Thank you so much...I am going to try these settings and let you know about the progress...thanks again...
 