Can't connect to external VPN using Netgear WGT624 Firewall Router

I have a home network setup that uses the Netgear WGT624 Firewall Router, and I have two laptops that connect to the net through this router.  I set up 2 IP reservations, and they are 192.168.0.2 192.168.0.3, with the router's IP being 192.168.0.1.

When attempting to connect to my office's network using the WinXP Pro VPN connection setup, I always get the error code 721 (from Windows) and all it says it to check the IP address and make sure my logon info is correct.  I have used this VPN connection from other locations (via modem, other unsecured wireless connections, hotel's networks) many times with no problem at all.  

This happens whether I am using the wireless connection or even connected directly to the router with an ethernet cable and my wireless card disabled.  I have XP SP2 installed, the firewall disabled, and also have ZoneAlarm shutoff at all times.  Updated to latest router firmware yesterday as well. When I log into the router using the admin account, I cannot find any information about VPN connections or perhaps allowing connections to trusted IP's.

 Any ideas?  

Thanks in advance if anyone can help!
aedenoneAsked:
Who is Participating?
 
pseudocyberCommented:
I don't know.  I'm not familiar with your router.  

SPI means stateful packet inspection.  This works by building a table of outbound traffic with the IP source and port number.   If a reply comes back with the correct destination IP and port number, the firewall knows there's an open connection waiting on a reply - it's maintaining "state".  If you turn this off, you should still be protected by the Network Address Translation (NAT) function, though not as well.  

Alternatively, you could try putting your vpn machine in a dmz port, or configure it as a DMZ.
0
 
pseudocyberCommented:
Might try this:  Page 6-4 of the manual:

Disable SPI Firewall
Normally, this option should be Enabled, so that your local network will be protected by the
Stateful Packet Inspection (SPI) firewall included in the WGT624. However, certain
communications functions like VPN may require turning off the SPI feature.

0
 
aedenoneAuthor Commented:
Thank you for your response. I will try it tonight and hopefully it will work.

One quick question though......Will disabling the SPI firewall disable ALL firewall protection?
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Technicon-SGCommented:
If he sets his vpn machine as the DMZ he will lose the NAT protection as well.
0
 
aedenoneAuthor Commented:
Well I tried disabling my SPI firewall as well as allow ping and still I cannot connect to my work VPN. Any other suggestions?
0
 
pseudocyberCommented:
Does it work in the DMZ port/ or as a DMZ port?  And it works straight into the Modem?

My only suggestion after that is to call DLink, or just go get yourself a Linksys ;)
0
 
PCIPROSCommented:
What VPN client are you using?  Firewalls / NAT routers can break IPSEC/IKE.  Check through your VPN software and see if there is an option for NAT Traversal or UDP 500 initiation.  This option allows for the IPSEC connection to be established even if NAT or a firewall is mangling the packets.
0
 
aedenoneAuthor Commented:
I am using Windows VPN client. I, and many other employees at our company have connected to VPN before, I just have not been able to connect through this router. I am at my wits end am about place this thing in the circular file. Being the person I am I just would like to know what is the problem with this router before doing so.
0
 
PCIPROSCommented:
Can you clarify which flavor of Windows VPN you are using?  Is it the IPSEC or PPTP client?  PPTP isn't affected by the NAT Traversal issues like IPSEC is.  Also, do you know what version of teh WGT624 you are using?  There will be a label on the bottom stating if it's v1 (WGT624), v2 (WGT624v2), or v3 (WGT642v3).  v1 & v2 should be running the latest stable firmware v4.2.6 as well.
0
 
aedenoneAuthor Commented:
We are using PPTP and the router is Version 2
0
 
aedenoneAuthor Commented:
The problem was solved. It was not an issue with the Netgear WGT624 after all. It was a problem with my buildings firewall. I had to get an external IP address outside of the firewall in order to connect.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.