Re: VPN and third party appliances

From: Sean E. Smith (ssmith_at_castroeng.com)
Date: 12/14/04


Date: Tue, 14 Dec 2004 16:03:14 -0700

Colin,
The firewall is set up for NAT. I have checked my personal firewall at home
and basically reduced it to nothing. Yet I am still only able to get
authentication on the server (DC), but as soon as I attempt to look further
into the network the connection stalls, then eventually disconnects.

I am not sure it is so much an issue with the firewall device, as it may be
a VPN config that I may have missed in AD or something with win2k3sbs.
Thanks for your time and exchange of ideas. If you think of anything else,
please let me know. If I resolve the issue, I will post for future
reference.

Sean

"Colin T" <ColinT@discussions.microsoft.com> wrote in message
news:3D6177B7-69A7-4C35-BA60-CDAF586A0627@microsoft.com...
> Hi Sean,
>
> I had this problem a while ago trying to use the Cisco VPN Client to create a
> remote access VPN with a Cisco PIX (501) as the VPN Server. When I did this
> via dial up all was OK - the PIX gave me an IP address and I could access
> network resources. When I tried to use the same VPN client but this time via
> a broadband connection protected by another PIX, then although I was
> authenticated by the remote PIX and issued an IP address, I couldn't access
> network resources at all. Eventually a Cisco engineer told me to enter the
> isakmp nat-t command to the PIX VPN Server. This enabled NAT Traversal and
> allowed me full access through the PIX to my remote network. I was just
> wondering if this is the same problem with your Fortigate Firewall?
>
> Regards Colin.
>
> "Sean E. Smith" wrote:
>
>> Colin,
>> I gain the authentication from the appliance, but am unable to see any of my
>> network.
>>
>> Sean
>>
>> "Colin T" <ColinT@discussions.microsoft.com> wrote in message
>> news:531BC4D8-8AC4-492C-93A6-91099CEF6C4E@microsoft.com...
>> > "Sean E. Smith" wrote:
>> >
>> >> Matt,
>> >> sorry, SBS2003 standard. The device is a Fortigate FGT-60. The Fortigate
>> >> is right behind my Cisco router (NAT disabled) in front of my server. I am
>> >> not sure if that is all the info you need; if not, let me know and I will
>> >> provide more.
>> >>
>> >>
>> >> "Matt Gibson" <mattg@blueedgetech.ca> wrote in message
>> >> news:%23Zx7DCU4EHA.2572@tk2msftngp13.phx.gbl...
>> >> >A bit more information would be handy.
>> >> >
>> >> > Are you on SBS2003? If so, is it premium or standard?
>> >> >
>> >> > What brand/model is the Firewall device? Where in your network is it
>> >> > installed?
>> >> >
>> >> > -Matt
>> >> >
>> >> > "Sean E. Smith" <ssmith@castroeng.com> wrote in message
>> >> > news:e0F3l4T4EHA.2592@TK2MSFTNGP09.phx.gbl...
>> >> >> I have installed a third party VPN / Firewall Appliance in my network. I
>> >> >> have been able to access the appliance and 'login' successfully, however I
>> >> >> am not able to access my network. I am not sure if I have missed a
>> >> >> setting in my RRAS settings, or if I even need to have RRAS enabled. I
>> >> >> have tried to use the VPN setup wizard and created a 'remote client disk';
>> >> >> that did not help either.
>> >> >>
>> >> >> Any thoughts would be most appreciated.
>> >> >>
>> >> >> Sean
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> > Hi Sean,
>> >
>> > When you say you can 'login', do you mean to your SBS server or do you mean
>> > you are authenticated by your VPN Server/Appliance but can't get past that?
>> > What VPN Client are you using to connect to your VPN Server? Are you also
>> > behind a firewall at your remote site? Does your FGT 60 allow NAT
>> > Traversal?
>> >
>> > Regards Colin.
>>
>>
>>
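
The symptom Colin describes in the quoted reply above (authenticated and issued an address, but no access to network resources until NAT Traversal is enabled) can be told apart from a failed login by looking at which protocols flow in each direction on the client side. The following is an added example, not part of the thread: the flow records are constructed, the names `classify` and `diagnose` are hypothetical, and the verdicts are a heuristic that relies on IKE using UDP 500, ESP being IP protocol 50, and NAT-T carrying ESP inside UDP 4500.

```python
from collections import defaultdict

# Constructed client-side flow summaries (not taken from the thread).
# Record: (direction, ip_protocol, gateway_udp_port, packets)
# ip_protocol 17 = UDP, 50 = ESP; gateway_udp_port is None for non-UDP.
DIALUP = [("out", 17, 500, 6), ("in", 17, 500, 6),
          ("out", 50, None, 40), ("in", 50, None, 38)]
BEHIND_NAT = [("out", 17, 500, 6), ("in", 17, 500, 6),
              ("out", 50, None, 40)]            # ESP leaves, nothing returns
BEHIND_NAT_WITH_NATT = [("out", 17, 500, 2), ("in", 17, 500, 2),
                        ("out", 17, 4500, 44), ("in", 17, 4500, 41)]


def classify(proto, port):
    """Map a flow to the IPsec role it plays, or None if unrelated."""
    if proto == 17 and port == 500:
        return "ike"        # key exchange and user authentication
    if proto == 17 and port == 4500:
        return "natt"       # ESP wrapped in UDP (NAT traversal)
    if proto == 50:
        return "esp"        # native ESP, has no ports for NAT to rewrite
    return None


def diagnose(flows):
    """Return a short verdict for one client/gateway capture."""
    seen = defaultdict(int)
    for direction, proto, port, packets in flows:
        kind = classify(proto, port)
        if kind:
            seen[(kind, direction)] += packets

    def both_ways(kind):
        return seen[(kind, "out")] > 0 and seen[(kind, "in")] > 0

    if not both_ways("ike") and not both_ways("natt"):
        return "no-ike"                 # negotiation itself is not completing
    if both_ways("natt"):
        return "ok-nat-t"               # data path is UDP-encapsulated
    if both_ways("esp"):
        return "ok-native-esp"          # no NAT in the way of ESP
    return "authenticated-no-data"      # IKE works, tunnel traffic does not


if __name__ == "__main__":
    for name, flows in [("dial-up", DIALUP), ("behind NAT", BEHIND_NAT),
                        ("behind NAT + NAT-T", BEHIND_NAT_WITH_NATT)]:
        print(f"{name}: {diagnose(flows)}")
```

A verdict of `authenticated-no-data` points at the data path (NAT traversal support on the gateway or on the NAT device in front of the client) rather than at credentials or directory settings.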


