Firebox X500 Authentication

This doesn't seem like it would be that hard to figure out, but I've had constant problems since implementing my solution, and I thought I would check to see how you all would handle it...

Here's what I'm currently using:

Windows 2003 Server connected to a Firebox X500 Firewall MySQL running on the server

11 employees out in the field Custom Visual Basic application on each of their laptops (running Windows XP)

The rep in the field goes to a store and collects data, stored in an MySQL database on their their individual laptops. Once they've completed their store, they find a WiFi hotspot and connect to our server here in the office. The data on their laptops then gets pushed up (transfered) to our database on the server.

To do this, I've done two things. On the Firebox (for authentication) I've created a user under "Firebox Users" and given it a password. On the laptops, I went to Network Places, created a new VPN connection, provided it the IP address for our network, and set it to automatically use the windows logon name and password.

The employee in the field now finds the WiFi hotspot and clicks on this VPN connection. A box then pops up asking for a username, password and domain. They type in the Firebox user and the password I created, and then on the network, able to transfer their data.

The problem now is that is works in most cases, but there are a couple of users, for reasons unknown, that are able to connect into the network (supposedly) but can't find the database server. All have the exact same laptop configuration and yet still run into this problem.

What I WANT to happen is for this process to be seamless. I would like for the user to not have to put in a username and password at all, and I'd like for the the Visual Basic application to execute the VPN connection rather than the user having to envoke it themselves.

How SHOULD I have this set up? Any ideas? Does NT Server authentication on the Firebox work? Any help anyone could provide would be MOST appreciated...

Best regards,

Jeffrey Haas

Reply to
Loading thread data ...

So, you're using a PPTP connection to the X500 acting as a PPTP server?

You've created a PPTP user, but are sharing that connection with a LOT of users? Not a good idea, I've never seen anyone build a VPN solution where the "User" is shared between a LOT of users.

Once you create the VPN tunnel, then you need a rule that permits access from the User via IP/Port to the services you want exposed.

Now, since your application may or may not resolve DNS, and you may or may not have permitted DNS, you might just want your application to use the Internal IP of the server, or properly configure the firewall so that it uses the internal DNS server so that the PPTP users can resolve proper internal DNS.

Also, there is no automatic AD passthrough for user/password from the PPTP session that terminates at the WatchGuard.

Reply to
Leythos Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.