353 Views 4 Replies Latest reply: Jan 29, 2014 5:35 PM by sliedl
gooru4speed Apprentice 130 posts since
Jul 4, 2009

Jan 14, 2014 2:02 PM

Shrewsoft VPN Client and Passive Auth

Hi!

My firewall is running software version 8.3.0 and I configured it to receive VPN connections from Shrewsoft VPN clients, and it is working fine. The VPN definition is using Active Directory as Authenticator, but now I'm requested to allow VPN connections from certain domain users only. So I deployed McAfee Logon Collector and it is working fine, so I can see the granted passports from the firewall. I created a VPN Zone to terminate the VPN connections and enforce policies to the Internal Zone.

 

In the rule that allows traffic to pass from the VPN zone to the Internal zone I configured the users that are allowed to access the internal network, and when an allowed VPN user is connected, no resource or IP device on the internal network can be reached by the VPN user. Maybe I misconfigured something in the VPN client? MLC users are identified as user@domain.com; when the connection comes from the VPN client, is it seen by the firewall in the same format?

 

Any help will be appreciated.

 

Regards!

JR

  • senthilbabu McAfee Employee 6 posts since
    Mar 19, 2011
    1. Jan 17, 2014 3:15 AM (in response to gooru4speed)
    Re: Shrewsoft VPN Client and Passive Auth

    Hi,

     

    The firewall sees the users as they are given by MLC, i.e. users@domain.com.

    Were you able to see all the users on the MLC logon report, and were you able to see the passive passports for the authenticated users for which the rule is defined to allow from VPN to internal zone?

  • senthilbabu McAfee Employee 6 posts since
    Mar 19, 2011
    3. Jan 20, 2014 4:46 AM (in response to gooru4speed)
    Re: Shrewsoft VPN Client and Passive Auth

    I asked the questions to make sure MLC is not causing any issues. Thanks for confirming that.

    I am not too familiar with this scenario and hence do not have an answer.

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    4. Jan 29, 2014 5:35 PM (in response to gooru4speed)
    Re: Shrewsoft VPN Client and Passive Auth

    The way I would troubleshoot this is to see if the IP address that is assigned to the VPN Client shows up as a logged-in user in MLC.


    When clients log in from their PCs at home, how do they log on to the domain? Do they turn the VPN client on and then somehow log on to the domain? What networks do you specify in your VPN definition?

     

    Do the IP addresses you are trying to reach over the VPN reside off the internal interface?  A 'route -n get x.x.x.x' will show you the interface and zone.
