User behind another Company's firewall

Status
Not open for further replies.

michbed

Technical User
Aug 21, 2001
4
US
I have a user with Secure Remote that is based inside of another company (company A) not affiliated with mine (company B). While they do not log on to company A's network, they do utilize their DHCP server.

After logging into Secure Remote the user is authenticated, but then an error message comes up saying "Error Communicating with Site".

What are the issues of a user being behind a firewall in company A trying to log in to the VPN of a different company, company B?

Thank you for any help.
 
While they may not log onto company A's network, they will still have to authenticate to company A's PDC at some time during the handshake so as to be let onto the DHCP server and then to obtain an IP address. (When the user account was made on company A's network the SID was given to this user.) If this indeed is happening (as I think it does) they will have a SID that does not match any SID on company B's PDC.
I could be way off here but I wanted to throw this out just in case it makes sense.

Richard Butler MCP A+
Network/Communications Engineer III
UIHC Telecommunication Services
 
Unfortunately I have seen this before. It happens whenever you try to use SecureRemote from behind a NAT device. SecureRemote has to be able to communicate via IPSec and the firewall at this other location is not allowing the connection to "come back" to SecureRemote. It will probably be a pain, but you will need to get the other company to allow IPSec back to the client for this to work.
 
Thank you for the replies. Luckily, it turned out that the other company was using a checkpoint firewall as well.
The remedy for the situation was this...

"We wound up opening up the following ports on our Checkpoint firewall. We saw entries in the log showing where these were being dropped when the user tried to access your network. The names/labels were the labels that Checkpoint assigned:

VPN1_IPSEC_encapsulation UDP 2746
fw1_topo TCP 264"


I hope this will give future searchers some insight.

michbed
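
The log check described in the final post, as an added example that is not part of the original thread: it scans an exported firewall log for dropped traffic between one client and the VPN gateway and reports which of the two services named above were blocked. The CSV column layout, the IP addresses and the function names are assumptions made for illustration, not a Check Point export format.

```python
import csv
import io
from collections import Counter

# Services named in the thread (Check Point labels and ports as quoted above).
SECUREMOTE_SERVICES = {
    ("udp", 2746): "VPN1_IPSEC_encapsulation",
    ("tcp", 264): "fw1_topo",
}

# Constructed sample export; the column layout is an assumption.
SAMPLE_LOG = """time,action,src,dst,proto,dport
10:01:02,accept,10.1.5.20,203.0.113.10,tcp,443
10:01:05,drop,10.1.5.20,203.0.113.10,tcp,264
10:01:09,drop,10.1.5.20,203.0.113.10,udp,2746
10:01:10,drop,10.1.5.20,203.0.113.10,udp,2746
10:01:12,drop,10.1.5.31,198.51.100.7,udp,137
10:01:15,accept,10.1.5.20,203.0.113.10,udp,500
"""

def blocked_vpn_services(log_text, client_ip, gateway_ip):
    """Count dropped SecureRemote-related flows from one client to one gateway."""
    drops = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].strip().lower() != "drop":
            continue
        if (row["src"], row["dst"]) != (client_ip, gateway_ip):
            continue
        try:
            key = (row["proto"].strip().lower(), int(row["dport"]))
        except ValueError:
            continue  # skip malformed port fields rather than abort the scan
        if key in SECUREMOTE_SERVICES:
            drops[SECUREMOTE_SERVICES[key]] += 1
    return dict(drops)

def report(log_text, client_ip, gateway_ip):
    """Return one line per required service: drop count, or no drops logged."""
    drops = blocked_vpn_services(log_text, client_ip, gateway_ip)
    lines = []
    for (proto, port), name in sorted(SECUREMOTE_SERVICES.items()):
        n = drops.get(name, 0)
        state = f"DROPPED x{n}" if n else "no drops logged"
        lines.append(f"{name} {proto.upper()} {port}: {state}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, "10.1.5.20", "203.0.113.10")))
```

Filtering on the client and gateway pair keeps unrelated drops, such as the UDP 137 entry in the sample, out of the result.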
 