Just that getting a Firebox to actually search the right OU is a pain in the freaking ass. Of course, the two times I've configured such, I was using 9.1, so take that for what it's worth. It's suppose to just "work" in 10.2 and later, but I have not had to set that up from scratch, just updated the ones I did a year ago.
From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2008 3:05 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Ok, so I've gotten a successful connection using the Firebox DB for authentication. I'd like, however, to use AD authentication, but I keep getting a PAP/CHAP error of Wrong username or password. I've created a security group, named VPN, I've put myself in the group, and I've setup the authentication server within the firebox to go to the correct OU. Any ideas on this? I haven't upgraded the firebox yet, plan to do that in the morning, but any tips I can find in here to help point me would be appreciated. By the way, I ended up checking the IPsec passthru box to get to where I am now. Joe Heaton Employment Training Panel From: Mark Boersma [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 5:16 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Actually 10.2.3 is out now. Usually the IKE errors occur if the client can't see the server, as in no internet connection. Can you ping the IP of the Firebox you are trying to connect to? Mark ------------------------------------------------- Two rules to success in life: 1. Never tell people everything you know. From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 4:29 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question If it's never worked before, I suggest contacting your support. You might try upgrading the firewall to 10.2.2. There were some issues with 10.0 and even 10.0.1 with certain types of MUVPNs. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 1:07 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Fireware v.10 on the box, Yes, using Watchguard Mobile VPN client v. 10.04. Using a laptop for the connection, at the moment directly connected to the network. I do have support, I just figured I'd post here, to see if anyone had any previous experience with this general error, before I called them. Joe Heaton Employment Training Panel From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 10:49 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question What version of the software is installed on your Core? Are you using the Watchguard Moble Client software? What kind of PC are you connecting from? Do you get support from your reseller? From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 10:15 AM To: NT System Admin Issues Subject: Watchguard firewall question Anyone familiar with setting up VPN w/IPsec on these? I have a 750x and I keep getting an IKE error - Lost contact to peer. I have the log file, but it's not very enlightening either. I know there's a couple of Watchguard guys on here, and I figured I'd give it a shot before I call support. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 [EMAIL PROTECTED] _____ Please consider the environment before printing this email. ________________________________ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
