FVS318 - Opening ports 1723, 500, 47 for software VPN service

Our office uses a Netgear FVS318 firewall/router. One of the doctors' offices in the building wants to set up their own private VPN. When they initially set up their connection it worked fine, but it recently stopped working. I was asked to make sure that ports 1723, 500, and 47 are open on the firewall. In the FVS I went to add a service, and added the port number and protocol. This is exactly how Netgear says to open these ports. Am I missing or forgetting something here?

I have saved screenshots in the firewall config options here:

http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot1.jpg

http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot2.jpg

Also, is there a simple way to test if these ports are actually open or not? Thanks!

SCCHIS asked:

JonSh commented:
Yah. Go to www.grc.com (Gibson Research) and use their Shields Up test to see what ports make it through your firewall to a local computer. Also, your screenshots look fine, except I'm wondering... it looks like there are circles off to the left that aren't checked/pushed... are they supposed to be checked for the port forwarding to be active?

NetworkArchitek commented:
Hi SCCHIS,
Reboot the router.

Cheers!
JonSh commented:
LOL....NetworkArchitek raises a very valid solution!  Reboot is always a good first fix :)

Frabble commented:
I take it the office has a client PC wanting to VPN through the router?

You've allowed 1723 and UDP 500 out OK (if you want to give it the correct label, it's isakmp; check out http://www.iana.org/assignments/port-numbers ).
I suspect that 47 is not the port number but the protocol number, so your entry for that won't have any effect.

You may also have to port map UDP 500 to the client PC IP address for the incoming packets.

SCCHIS (author) commented:
"Yah.  Go to www.grc.com (Gibson Research) and use their Shields Up test to see what ports make it through your firewall to a local computer.  Also your screen shots look fine except I'm wondering....it looks like there are circles off to the left that aren't checked/pushed....are they supposed to be checked for the port forwarding to be active?"

All ports show up as true stealth on this test.  As for checking or pushing those buttons, that is to select which item you would like to edit.  


"You may also have to port map UDP 500 to the client PC IP address for the incoming packets."

Have no idea how this is done.  I know there are some advanced options in the Netgear configuration where I can click on PORTS in the Advanced options - and get to some other options like here:

http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot3.jpg
http://img.photobucket.com/albums/v201/justin37013/VPNscreenshot4.jpg

Is this where I need to be or are you talking about something different?  

Frabble commented:
"Is this where I need to be or are you talking about something different?"

Yes. Local Server address is the local machine address and it looks like you can set the remote address with WAN user's address - neat :)
SCCHIS (author) commented:
"Yes. Local Server address is the local machine address and it looks like you can set the remote address with WAN user's address - neat :)"

Interesting, according to Netgear simply adding the services without going to the advanced/ports section should have opened up those ports. I will give this a try and see what happens.
nostravamus commented:
You need to open TCP port 1723 and traffic of protocol type 47 (GRE), not port 47 UDP or TCP:

1723 TCP
GRE protocol traffic (protocol type 47)

Port 500 you need if you are using L2TP connections.
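The point made in the comments above (Frabble and nostravamus) is the one practitioners keep tripping over: 47 is an IP protocol number, not a TCP/UDP port, so a "service" entry for port 47 does nothing for PPTP's GRE data channel, and a port scanner such as Shields Up (JonSh's suggestion) cannot see GRE at all because GRE has no ports. The Python script below is an added example, not code from the thread or from Netgear. It lints a service table like the one typed into the FVS318, reporting entries that cannot work and requirements still uncovered, and it includes a plain TCP connect probe of the kind a scanner uses for 1723. The VPN requirement table, the rule names and the sample entries are my assumptions; the L2TP/IPsec row (UDP 500 ISAKMP, UDP 4500 NAT-T, ESP protocol 50) goes beyond what the thread lists and describes a standard L2TP/IPsec deployment. The local listener exists only so the probe has something to connect to offline.

```python
import socket
import threading

# IANA IP protocol numbers that get mistaken for TCP/UDP ports in router
# "service" tables. GRE (47) is the PPTP data channel; ESP (50) carries IPsec.
IP_PROTOCOLS = {47: "GRE", 50: "ESP", 51: "AH"}

# Assumed requirements: what each VPN flavour needs the firewall to pass to
# the inside host. ("tcp"/"udp", n) is a port; ("ip", n) is an IP protocol
# number, which a port/service table cannot express. The l2tp-ipsec row is
# my assumption about a standard deployment, not something the thread states.
VPN_REQUIREMENTS = {
    "pptp": {("tcp", 1723), ("ip", 47)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("ip", 50)},
}


def lint_rules(rules, vpn="pptp"):
    """Check a router service table (list of (name, proto, number)) against
    what `vpn` needs. Returns (problems, missing): problems are entries that
    cannot do what they were meant to, missing are requirements no entry
    covers."""
    required = VPN_REQUIREMENTS[vpn]
    problems, covered = [], set()
    for name, proto, number in rules:
        proto = proto.lower()
        if proto in ("tcp", "udp") and ("ip", number) in required:
            # The mistake from the thread: an IP protocol number typed in as a port.
            problems.append(
                f"{name}: {number} is IP protocol {IP_PROTOCOLS[number]}, "
                f"not a {proto.upper()} port; it needs a protocol rule, not a port rule"
            )
            continue
        covered.add((proto, number))
    missing = sorted(required - covered)
    return problems, missing


def tcp_port_open(host, port, timeout=2.0):
    """Plain TCP connect probe, the same check a port scanner does for 1723.
    True means something accepted the connection. This says nothing about
    GRE: GRE has no port numbers, so no port scan can test it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def start_local_listener():
    """Open a throwaway TCP listener on 127.0.0.1 that accepts one connection,
    so the probe has a target without any network. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_one():
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=accept_one, daemon=True).start()
    return port


# Constructed sample: the service table as typed into the FVS318 in the thread.
SAMPLE_RULES = [
    ("PPTP", "TCP", 1723),
    ("ISAKMP", "UDP", 500),
    ("GRE", "TCP", 47),
]

if __name__ == "__main__":
    problems, missing = lint_rules(SAMPLE_RULES, "pptp")
    for p in problems:
        print("problem:", p)
    for m in missing:
        print("missing:", m)
    port = start_local_listener()
    print(f"127.0.0.1:{port} open? {tcp_port_open('127.0.0.1', port)}")
```

On the sample table the linter reports the TCP/47 entry as unusable and lists ("ip", 47) as still missing, which is exactly why the PPTP tunnel never completes even though 1723 shows as open. Whether GRE is actually getting through has to be checked on the inside host (a packet capture filtered on `ip proto 47`) or with a raw socket, not with a port scanner.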
SCCHIS (author) commented:
"GRE protocol traffic (protocol type 47)"

I seem to have opened 1723 and 500 as NETGEAR says to do, but I do not see any options that allow me to accomplish this....
SCCHIS (author) commented:
"You may also have to port map UDP 500 to the client PC IP address for the incoming packets."

This worked.....sort of.

According to NETGEAR, they do not allow more than 1 PPTP VPN connection at a time on this router.  

I deleted the forwarding to the 2nd PC and the VPN now seems to work.  It only took 3 tech support calls for someone to mention this.  

vfret commented:
It looked like it almost came out in this post, but stopped short. So I'll ask the question. Can protocol 47 be specifically allowed through the FVS318? I need to get a PDA that supports L2TP VPN through a FVS318 and on into a Win 2000 server. The reason is because I cannot run the ProSafe client on my PDA. It runs Windows CE .NET 4.2. Since I cannot run the client on my PDA, I need to use an L2TP connection to connect directly to my 2000 server's VPN server, because the PDA can initiate an L2TP connection.