How to Properly Setup A VPN Connection Using Netgear VPN Router and Windows 2000 Server : vpn, netgear, router, setup

May 17, 2008 10:10am pdt

1. batry_boy 209,084
2. RobWill 183,875
3. arnold 81,143
4. lrmoore 72,848
5. mwecompu... 55,414
6. MrHusy 36,470
7. ebjers 35,950
8. mkielar 33,600
9. dpk_wal 28,673
10. Cyclops3590 27,700
11. trinak96 22,665
12. TechSoEasy 20,114
13. from_exp 19,775
14. stuknhawaii 18,075
15. johnb6767 16,522

1. RobWill 1,336,768
2. lrmoore 873,591
3. batry_boy 383,794
4. grblades 213,434
5. rsivanandan 138,641
6. calvinetter 112,055
7. TechSoEasy 93,193
8. arnold 83,143
9. dpk_wal 81,673
10. tim_holman 75,964
11. mwecompu... 73,214
12. MrHusy 69,744
13. keith_al... 69,385
14. ewtaylor 68,324
15. plemieux72 64,143

06.23.2004 at 11:06PM PDT, ID: 21036378

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

4.8

How to Properly Setup A VPN Connection Using Netgear VPN Router and Windows 2000 Server

Zone: Virtual Private Networking (VPN)

Tags: vpn, netgear, router, setup

We have a Small office network which I would like to make it available through VPN, to run some applications which access database on a server and obtain Synergix licences from the server to run the application. Here is the description of the Network Environment:

5 Win2K Pro Computers are connected to a Win2K Server (which is a Domain, DHCP, DNS Server and has Active Directory set) through a Netgear FVL328 High Speed VPN/Firewall Router. The Router is connected to a DSL Modem for internet access. The Dynamic WAN IP address is tracked by DDNS service such as Tzo.com.
Two of our users want to access oand log on to the server from home. 1st user uses Linksus BEFSR41 router (which in turn is connected to the DSL Modem) as a firewall and has a Win2KPro operating System. 2nd user is directly connected to the DSL modem and has WinXP Pro OS. Both Users WAN IP Address is Dynamic.

My confusion comes from the fact that the FVL328 is a VPN router.
1. Does this mean I can use the Router as the VPN server and not the Win2K Server?
2. I mean if I it was for port openning only to access the W2K Server (which can be used as a VPN Server as long as the port is open), whats the purpose of a VPN Router? Am I missing something?
3. Would someone please clarify this for me?

Also whats the best way to establish this VPN Connection? And is it better to use the Win2K Server or the Router for VPN purposes?

Please help!!!

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: armandolo

Solution Provided By: grblades

Participating Experts: 6

Solution Grade: B

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

06.24.2004 at 11:05AM PDT, ID: 11391656

Rank: Guru

grblades:

There are multiple ways to do it. You could have the Netgear as the vpn server and connect either via the Linksys router or the Windows machines. Or you could have the Windows server as the VPN server and connect via the windows desktop machines.

There is no real right and wrong way. The most significant factor will be how reliable the system is. Windows VPN is used extensivly so the most reliable solution is probably going to be to use the windows server as the VPN server and connect directly from the Windows clients. In this configuration you will need to forward tcp port 1723 from the linksys to the windows server. In theory you also need ip protocol number 47 redirected aswell but if you enable PPTP passthrough on the router this is often done automatically. On the linksys router you will need PPTP passthrough enabled also.

The only thing you can do relly is just set it up one way and test to see how well it works.

06.24.2004 at 11:25AM PDT, ID: 11391892

armandolo:

I had a bit of a reservation in using the Win2K Server as the VPN, due to server load concerns, and was more inclined towardsin having the Netgear as a VPN. Netgear claims that the router is a stable, high speed VPN server. How would I be able to setup the VPN in this case? The Netgear manual does not talk about this situation. It has a lot of mumbo jumbo on IKE and IPSec stuff which I am not sure how to configure.

How do I log onto the Domain when the Router is VPN. How does it know where to send the traffic (as far as the domain server is concerned) and what to allow and who the users are.

Also, I'm not sure what you mean by 'forward tcp port 1723 from the linksys to the windows server', '47 redirected aswell but if you enable PPTP passthrough on the router this is often done automatically. On the linksys router you will need PPTP passthrough enabled also'. How is this done?

Thanks !

06.24.2004 at 11:27AM PDT, ID: 11391916

armandolo:

And if the Netgear is set as the VPN Server, Do I need Remote Access Set/Installed on the Win2K Server?

06.24.2004 at 11:33AM PDT, ID: 11391962

Rank: Guru

grblades:

You could have the Netgear as the VPN server. I don't know much about it but it should be just a case of configuring accounts. It's manual should give all the details about setting it up. At the other end you can either have the Linksys establishing the VPN or the Windows machine. The Linksys is not the most relaible of hardware and VPN support has always been a problematic area for them so personally I would use the Windows machine to establish the VPN. All you will need to configure on the Linksys is to tick the box which sais 'IPSEC Passthru' on its configuration page.

Personally I would not use the Netgear as the VPN server. It may be just my opinion from using their other products but I don't think it will be stable, supported and configurable enough for my needs.
Personally I would buy a Cisco PIX 501 or 506E (depending on the number of VPN users you will have and the speed of your Internet connection). They are highly configurable and come with a Windows VPN client which makes it simply to setup for end users.

06.24.2004 at 11:34AM PDT, ID: 11391971

Rank: Guru

grblades:

If VPN is setup on the Netgear the only think which will need to be configured on the server is the network default gateway so that it can talk over the Internet. You almost certenly already have this configured.

06.24.2004 at 12:08PM PDT, ID: 11392324

armandolo:

This still leaves the question open to as how to setup the VPN Router so when the traffic comes, or when the request is made, It is passed to the Domain Controller?. I'll try some things this weekend to see if it works.

06.24.2004 at 12:13PM PDT, ID: 11392374

Rank: Guru

grblades:

Once the VPN is established then the client can talk directly to the server. A cisco PIX and the VPN client that I use can be configured so that when the client connects they are issued with an IP address for the VPN session and also assigned a WINS server to use so that they are able to ressolve machine names. The client then just maps a drive and accesses the server.

06.24.2004 at 12:17PM PDT, ID: 11392431

armandolo:

To Late on Router Selection. Made the Purchase some time ago.

06.27.2004 at 01:22PM PDT, ID: 11411465

armandolo:

I enabled IPSec passthrough on the Linksys But I cant still connect to the Office server through the Netgear. This is realy frustrating!

06.27.2004 at 01:44PM PDT, ID: 11411566

Rank: Guru

grblades:

What IP addresses are you using for the office network?

06.28.2004 at 09:02AM PDT, ID: 11416913

armandolo:

10.10.1.1-10.10.1.10

06.28.2004 at 09:02AM PDT, ID: 11416918

armandolo:

The Server is 10.10.1.11

06.28.2004 at 09:39AM PDT, ID: 11417337

Rank: Guru

grblades:

That should be fine. The linksys normally uses 192.168.1.x so there wont be a conflict.
Have you tried upgrading to the latest firmware for the Linksys?

06.28.2004 at 09:41AM PDT, ID: 11417370

armandolo:

Both Linksys and Netgear have the latest firmware. I think that the Netgear is the problem, since I have no problem connecting to other VPN Sites (for may other work)

06.28.2004 at 09:47AM PDT, ID: 11417437

Rank: Guru

grblades:

It could well be the Netgear. Although it supports IPSEC passthrough this could be only for outbound VPN connections. By default everything outbound is permitted so it only needs to handle IPSEC but for inbound it needs to recognise that ISAKMP (UDP 500) packets are coming in and also allow IPSEC (IP 50) through. They may just have not implemented this last bit.

06.30.2004 at 06:49PM PDT, ID: 11442528

armandolo:

grblades you have told me a lot of stuff but I'm still where I started. I still do not know how to properly configure the NEtgear to have clients accesing my internal network.

Again the situation is as follows.

Internal network with Windows 2000 Server and Netgear FVL328 as the gateway. The WAN address (which is dynamic) can be located with Dynamic DNS Services.

The clients use DSL (again Dynamic IP address) and want to connect to my internal network. I can not properly configure the Netgear. When using the VPN connection at the clients end. We get Error 678: There was no answer.

07.01.2004 at 01:44AM PDT, ID: 11444551

Rank: Guru

grblades:

I am not familiar with the Netgear products specifically so tried to help with general VPN issues that could be the cause of the problem. It looks like the problem might be specifically to do with the configuration of the Netgear itself.
I suggest you have a look at and possibly post a question here http://www.dslreports.com/forum/equip,9 as it is specific to Netgear products and there should be more people there who have used the same router you have.
Good luck.

07.09.2004 at 03:06PM PDT, ID: 11516379

armandolo:

Ok let me ask a bit of a general question. Forget about a netgear. A VPN router has all the IKE and IPSEC settings for security and comunication. On the clients end one needs to know what they are in order to go through right? Win2K Professionals VPN connection does not have any of those settings. It only requires IP address, username and password and maybe a domain if there is one.

1. Does this mean that I can not use Windows 2000 Professionals VPN connection to communicate with a router?
2. Is the Windows 2000 Professionals VPN connection for connecting to a Win2K Server which is set as a remote access server?
3. Do I need a dedicated VPN Connection Client Software?

07.09.2004 at 03:08PM PDT, ID: 11516393

armandolo:

Addition to the question 3.
3. Do I need a dedicated VPN Connection Client Software to connect to the routers VPN?

07.10.2004 at 01:11AM PDT, ID: 11517654

Rank: Guru

grblades:

There are 3 mail VPN protocols in use:-
IPSEC - This is the industry standard VPN protocol. All VPN routers will support it and it is very versitile. It is relativly complicated to configure however as there are 4 types of encryption and a couple of authentication methods that can be used and not all may be supported by all vpn routers and client software.