I'm trying out the VPN feature. We have never set any authentication policies for the WWW proxy server for clients on our LAN, but I want to require authentication when they're accessing remotely via VPN. How do I set up the WWW policies so that users can continue to not have to log in or authenticate when they're at their LAN machines, but require authentication when accessing on the VPN?
Thx.
/Bill
authentication
Moderator: Qbik Staff
6 posts
• Page 1 of 1
by jamesc » Aug 09 05 7:47 pm
One way to do this is to add two policies into the WWW Poxy Service for the everyone group.
Everyone Group Policy 1: User may be unkown, Restrict by location, e.g.192.168.6.* (Your LANs subnet)
Everyone Group Policy 2: User must be authenticated
Choose the way the that clients will be authenticated when set by policies.
Everybody Group Policy 1, Please do not forget to change the Default rights as shown in double red box.
Everybody Group Policy 2
And thats it.
Let us know how you get on.
Everyone Group Policy 1: User may be unkown, Restrict by location, e.g.192.168.6.* (Your LANs subnet)
Everyone Group Policy 2: User must be authenticated
Choose the way the that clients will be authenticated when set by policies.
Everybody Group Policy 1, Please do not forget to change the Default rights as shown in double red box.
Everybody Group Policy 2
And thats it.
Let us know how you get on.
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by bztips » Aug 12 05 3:22 pm
Thanks.
Now when I'm in Gatekeeper on a remote PC, I can see the network behind the Wingate server, but all of the clients are listed as "Not accessible". There are no route conflicts reported.
Do I need to do something special on the clients behind the Wingate server in order to make them accessible via the VPN? They all have the Wingate server listed as their default gateway in the TCPIP settings.
Also, how can I access these clients remotely via the web? I set up the WWW proxy service on the Wingate server to "use Java client authentication as required by policies". How do I set up a web browser to connect via the Wingate proxy?
/Bill
Now when I'm in Gatekeeper on a remote PC, I can see the network behind the Wingate server, but all of the clients are listed as "Not accessible". There are no route conflicts reported.
Do I need to do something special on the clients behind the Wingate server in order to make them accessible via the VPN? They all have the Wingate server listed as their default gateway in the TCPIP settings.
Also, how can I access these clients remotely via the web? I set up the WWW proxy service on the Wingate server to "use Java client authentication as required by policies". How do I set up a web browser to connect via the Wingate proxy?
/Bill
- bztips
- Posts: 53
- Joined: Nov 19 03 6:48 am
by jamesc » Aug 12 05 4:17 pm
Also, how can I access these clients remotely via the web? I set up the WWW proxy service on the Wingate server to "use Java client authentication as required by policies". How do I set up a web browser to connect via the Wingate proxy?
If the WinGate servers internal IP address is 192.168.0.1:
Internet Explorer --> Tools --> Internet Options, as shown in image below
Now when I'm in Gatekeeper on a remote PC, I can see the network behind the Wingate server, but all of the clients are listed as "Not accessible". There are no route conflicts reported. Do I need to do something special on the clients behind the Wingate server in order to make them accessible via the VPN? They all have the Wingate server listed as their default gateway in the TCPIP settings.
1. On the VPN host, on your network card facing the private LAN (Internal), do you have a default gateway set on it? In most cases you should not.
2. Can you access any of those computers showing as not accessible via a UNC path. e.g if a client computer that is shown as "Not Accessible" has the IP Address of 192.168.0.2, can you access it via (Windows) Start menu --> Run --> \\192.168.0.2
3. Do the client computers have any firewalls or security suites running on them? You may want to disable them for the sake of testing. e.g McAffe, Norton Internet Security, Zone Alarm etc...? If they have the Windows firewall on them disable it for the sake of testing as well:
On the desktop right click My Computer
Manage
Services and Applications
Services
Scroll to bottom and double click "Windows Firewall/Internet Connection Sharing (ICS)"
Set the Startup type to disabled
Press the stop button to stop the service.
4. The local participation on the host is set to local network, yes?
5. What kind of license do you have on the WinGate VPN host, a trial?
6. If you are still having issues, we can send you an updated driver which is known to fix a similar problem with the VPN behind a NAT connection. Please tell me what windows operating system are on the joiner(s) and host.
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by bztips » Aug 16 05 2:16 am
James,
Please see my answers below:
1. On the VPN host, on your network card facing the private LAN (Internal), do you have a default gateway set on it? In most cases you should not.
Default gateway is blank.
2. Can you access any of those computers showing as not accessible via a UNC path. e.g if a client computer that is shown as "Not Accessible" has the IP Address of 192.168.0.2, can you access it via (Windows) Start menu --> Run --> \\192.168.0.2
Yes, they can all be accessed from the server via Run.
3. Do the client computers have any firewalls or security suites running on them? You may want to disable them for the sake of testing. e.g McAffe, Norton Internet Security, Zone Alarm etc...? If they have the Windows firewall on them disable it for the sake of testing as well:
On the desktop right click My Computer
Manage
Services and Applications
Services
Scroll to bottom and double click "Windows Firewall/Internet Connection Sharing (ICS)"
Set the Startup type to disabled
Press the stop button to stop the service.
None of the client computers have any firewall software running.
4. The local participation on the host is set to local network, yes?
Yes.
5. What kind of license do you have on the WinGate VPN host, a trial?
Trial.
6. If you are still having issues, we can send you an updated driver which is known to fix a similar problem with the VPN behind a NAT connection. Please tell me what windows operating system are on the joiner(s) and host.
The host and most of the clients behind it are running XP Professional; a few clients are running Win98. Can I download the updated driver from somewhere?
Thanks again for all your help.
Please see my answers below:
1. On the VPN host, on your network card facing the private LAN (Internal), do you have a default gateway set on it? In most cases you should not.
Default gateway is blank.
2. Can you access any of those computers showing as not accessible via a UNC path. e.g if a client computer that is shown as "Not Accessible" has the IP Address of 192.168.0.2, can you access it via (Windows) Start menu --> Run --> \\192.168.0.2
Yes, they can all be accessed from the server via Run.
3. Do the client computers have any firewalls or security suites running on them? You may want to disable them for the sake of testing. e.g McAffe, Norton Internet Security, Zone Alarm etc...? If they have the Windows firewall on them disable it for the sake of testing as well:
On the desktop right click My Computer
Manage
Services and Applications
Services
Scroll to bottom and double click "Windows Firewall/Internet Connection Sharing (ICS)"
Set the Startup type to disabled
Press the stop button to stop the service.
None of the client computers have any firewall software running.
4. The local participation on the host is set to local network, yes?
Yes.
5. What kind of license do you have on the WinGate VPN host, a trial?
Trial.
6. If you are still having issues, we can send you an updated driver which is known to fix a similar problem with the VPN behind a NAT connection. Please tell me what windows operating system are on the joiner(s) and host.
The host and most of the clients behind it are running XP Professional; a few clients are running Win98. Can I download the updated driver from somewhere?
Thanks again for all your help.
- bztips
- Posts: 53
- Joined: Nov 19 03 6:48 am
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 5 guests