Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

hardware based vpn tunnel to wingate pc from remote office

Sep 29 05 12:07 pm

Hi,

My client has a local PC running w2k server, installed on it are two applications (call it TBS, ticket banking server).
1 - Ticket booking system that bundled wingate and nortel contivity s/w VPN
2 - Banking system that uses a modem.

The remote office has the same booking system running at their end. They need to use the local Banking system from the remote office via VNC. I have set up the Snapgear-based IPsec VPN. From the remote office I can see every PC in the local office but I cannot see TBS.
The local office machines can use the banking app via VNC.
I am sure WinGate is blocking incoming packets from the remote office. AFAIAC WinGate should only be protecting the app that it was bundled with, not the whole PC.

Any ideas?

Bear in mind that as bundled WinGate I had very little to do for the install, i.e. no user manual, no trial or familiarisation.

My immediate solution is to put in another PC and RDP from remote to it and VNC from it to the TBS. Messy but it will work.

Sep 29 05 4:54 pm

WinGate is a gateway product that provides internet connection sharing, firewall and so forth to an entire network. It'll definitely protect more than a single application. At first thought, it sounds like a firewall issue.

It is most likely a configuration issue, but a lot depends on the WinGate version you are currently running. Which version of WinGate was provided for this?

Sep 29 05 7:34 pm

Thanks,

So how can I set the firewall to allow inbound to the TBS from another network? Local = 192.168.1.x, remote = 10.0.0.x

WinGate is v6.0.3.1005

Sep 29 05 7:38 pm

First step would be to check that it is actually the firewall blocking it. You can do this by logging in to GateKeeper and looking through the Firewall pane.

To modify the firewall behavior you need to navigate into the Extended Networking settings. There you will find a page for "Port Security Actions". In there you can add additional actions to specify that you want to allow connections on a particular port.

If you want to restrict that to a given range of IPs you would need to use the policies, which will get a little bit more complex but we can work through that if required.

The second alternative, and probably the better one, is to check what creates the link between the two connections. Does the VPN link show up as an adapter? If so, and you consider it to be a trusted network, then you can set it to be an "Internal" adapter. That way it will be treated the same as your local LAN with regards to the firewall.

Hope that helps,

Sep 29 05 7:44 pm

As a footnote to Pascal's comment regarding Internal / External:

to check, it is located at GateKeeper --> View menu --> Network

Sep 29 05 7:54 pm

Thanks,

I am at home now and I have not set up the trial to allow me to RDP to the 'local' and 'remote' sites while at home (being in three places at once? :-))

james
I don't have the Extended Networking or the VPN entries in the System tab.

pascal
About the second alternative - the Snapgear firewall appliances (iptables based) create a transparent VPN; it is as if the 10.0.0.x packets are from local machines on a different IP range.

I will post more from 'remote' in an hour

Sep 30 05 1:05 am

Checked again - no Extended Networking. Also while I am trying to connect there is no activity in the Firewall pane. I have tried to create another service by cloning an existing one and changing the port. Didn't work.

Any new ideas? Obviously I don't want to break the ticket system to fix the banking system.