• Status: Solved

FVS318 - Opening ports 1723, 500, 47 for software VPN service

Our office uses a Netgear FVS318 Firewall/Router.  One of the Dr's offices in the building wants to set up their own private VPN.  When they initially set up their connection it worked fine but recently stopped working.  I was asked to make sure that ports 1723, 500, 47 are open on the firewall.  In the FVS I went to add service, and added the port # and protocol.  This is exactly how Netgear says to open these ports.  Am I missing or forgetting something here?

I have saved screenshots in the firewall config options here:

http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot1.jpg

http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot2.jpg

Also, is there a simple way to test if these ports are actually open or not?  Thanks!

Asked:
SCCHIS
1 Solution
 
JonSh Commented:
Yah.  Go to www.grc.com (Gibson Research) and use their Shields Up test to see what ports make it through your firewall to a local computer.  Also your screen shots look fine except I'm wondering....it looks like there are circles off to the left that aren't checked/pushed....are they supposed to be checked for the port forwarding to be active?

NetworkArchitek Commented:
Hi SCCHIS,
Reboot the router.

Cheers!

JonSh Commented:
LOL....NetworkArchitek raises a very valid solution!  Reboot is always a good first fix :)

Frabble Commented:
I take it the office has a client PC wanting to VPN through the router?

You've allowed 1723 and UDP 500 out OK (if you want to give it the correct label it's isakmp - check out http://www.iana.org/assignments/port-numbers )
I suspect that 47 is not the port number but the protocol number so your entry for that won't have any effect.

You may also have to port map UDP 500 to the client PC IP address for the incoming packets.

SCCHIS (Author) Commented:
"Yah.  Go to www.grc.com (Gibson Research) and use their Shields Up test to see what ports make it through your firewall to a local computer.  Also your screen shots look fine except I'm wondering....it looks like there are circles off to the left that aren't checked/pushed....are they supposed to be checked for the port forwarding to be active?"

All ports show up as true stealth on this test.  As for checking or pushing those buttons, that is to select which item you would like to edit.  


"You may also have to port map UDP 500 to the client PC IP address for the incoming packets."

Have no idea how this is done.  I know there are some advanced options in the Netgear configuration where I can click on PORTS in the Advanced options - and get to some other options like here:

http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot3.jpg
http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot4.jpg

Is this where I need to be or are you talking about something different?  

Frabble Commented:
"Is this where I need to be or are you talking about something different?"

Yes. Local Server address is the local machine address and it looks like you can set the remote address with WAN user's address - neat :)

SCCHIS (Author) Commented:
"Yes. Local Server address is the local machine address and it looks like you can set the remote address with WAN user's address - neat :)"

Interesting, according to Netgear simply adding the services without going to the advanced/ports section should have opened up those ports.  I will give this a try and see what happens.

nostravamus Commented:
You need to open TCP port 1723 and protocol type 47 (GRE), not port 47 UDP or TCP:

1723 TCP
GRE protocol traffic (protocol type 47)

Port 500 you need if you are using L2TP connections.
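
Added example (not part of the original thread or any poster's reply): a short Python sketch of why a service entry for "port 47" cannot pass PPTP's GRE data packets, since GRE is IP protocol 47 and has no port field. The rule tuples are a hypothetical model, not the FVS318's configuration format, and the packets and addresses are constructed.

```python
import struct

TCP, UDP, GRE = 6, 17, 47  # IANA IP protocol numbers (IPv4 header "Protocol" field)

def ipv4(proto, payload):
    """Build a minimal IPv4 packet for the demo (20-byte header, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

def classify(packet):
    """Return (ip_protocol, dst_port); dst_port is None when no port field exists."""
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (TCP, UDP):
        # TCP and UDP both carry the destination port in bytes 2-3 of their header.
        return proto, struct.unpack("!H", packet[header_len + 2:header_len + 4])[0]
    return proto, None  # GRE, ESP, ICMP ...: ports do not apply

def allowed(rules, packet):
    """True if the packet matches any (ip_protocol, port) rule exactly."""
    return classify(packet) in rules

# Constructed sample packets (not captured traffic).
PPTP_CONTROL = ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
PPTP_DATA = ipv4(GRE, bytes.fromhex("3001880b") + bytes(8))
ISAKMP = ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0))

# Hypothetical rule model: "47" entered as a TCP/UDP service, as in the question.
AS_ENTERED = [(TCP, 1723), (UDP, 500), (TCP, 47), (UDP, 47)]
# What PPTP actually needs: the control channel plus IP protocol 47.
PPTP_NEEDS = [(TCP, 1723), (GRE, None)]

def report(rules):
    """Map each sample packet name to whether the rule set passes it."""
    samples = {"pptp-control": PPTP_CONTROL, "pptp-data": PPTP_DATA, "isakmp": ISAKMP}
    return {name: allowed(rules, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    print("as entered:", report(AS_ENTERED))
    print("pptp needs:", report(PPTP_NEEDS))
```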
 
SCCHIS (Author) Commented:
"GRE protocol traffic (protocol type 47)"

I seem to have opened 1723 and 500 as NETGEAR says to do, but I do not see any options that allow me to accomplish this....

SCCHIS (Author) Commented:
"You may also have to port map UDP 500 to the client PC IP address for the incoming packets."

This worked.....sort of.

According to NETGEAR, they do not allow more than 1 PPTP VPN connection at a time on this router.  

I deleted the forwarding to the 2nd PC and the VPN now seems to work.  It only took 3 tech support calls for someone to mention this.  

vfret Commented:
It looked like it almost came out in this post, but stopped short. So I'll ask the question. Can protocol 47 be specifically allowed through the FVS318? I need to get a PDA that supports L2TP VPN through an FVS318 and on into a Win 2000 server. The reason is that I cannot run the ProSafe client on my PDA. It runs WIN CE .NET 4.2.  Since I cannot run the client on my PDA, I need to use an L2TP connection to connect directly to my 2000 server's VPN server, because the PDA can initiate an L2TP connection.