[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Can't connect to external VPN using Netgear WGT624 Firewall Router

Posted on 2005-05-03
11
Medium Priority
?
9,964 Views
Last Modified: 2011-08-18
I have a home network setup that uses the Netgear WGT624 Firewall Router, and I have two laptops that connect to the net through this router.  I set up 2 IP reservations, and they are 192.168.0.2 192.168.0.3, with the router's IP being 192.168.0.1.

When attempting to connect to my office's network using the WinXP Pro VPN connection setup, I always get the error code 721 (from Windows) and all it says it to check the IP address and make sure my logon info is correct.  I have used this VPN connection from other locations (via modem, other unsecured wireless connections, hotel's networks) many times with no problem at all.  

This happens whether I am using the wireless connection or even connected directly to the router with an ethernet cable and my wireless card disabled.  I have XP SP2 installed, the firewall disabled, and also have ZoneAlarm shutoff at all times.  Updated to latest router firmware yesterday as well. When I log into the router using the admin account, I cannot find any information about VPN connections or perhaps allowing connections to trusted IP's.

 Any ideas?  

Thanks in advance if anyone can help!
0
Comment
Question by:aedenone
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13926154
Might try this:  Page 6-4 of the manual:

Disable SPI Firewall
Normally, this option should be Enabled, so that your local network will be protected by the
Stateful Packet Inspection (SPI) firewall included in the WGT624. However, certain
communications functions like VPN may require turning off the SPI feature.

0
 

Author Comment

by:aedenone
ID: 13927209
Thank you for your response. I will try it tonight and hopefully it will work.

One quick question though......Will disabling the SPI firewall disable ALL firewall protection?
0
 
LVL 27

Accepted Solution

by:
pseudocyber earned 750 total points
ID: 13928022
I don't know.  I'm not familiar with your router.  

SPI means stateful packet inspection.  This works by building a table of outbound traffic with the IP source and port number.   If a reply comes back with the correct destination IP and port number, the firewall knows there's an open connection waiting on a reply - it's maintaining "state".  If you turn this off, you should still be protected by the Network Address Translation (NAT) function, though not as well.  

Alternatively, you could try putting your vpn machine in a dmz port, or configure it as a DMZ.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 6

Expert Comment

by:Technicon-SG
ID: 13944701
If he sets his vpn machine as the DMZ he will lose the NAT protection as well.
0
 

Author Comment

by:aedenone
ID: 13945030
Well I tried disabling my SPI firewall as well as allow ping and still I cannot connect to my work VPN. Any other suggestions?
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13945055
Does it work in the DMZ port/ or as a DMZ port?  And it works straight into the Modem?

My only suggestion after that is to call DLink, or just go get yourself a Linksys ;)
0
 

Expert Comment

by:PCIPROS
ID: 14025022
What VPN client are you using?  Firewalls / NAT routers can break IPSEC/IKE.  Check through your VPN software and see if there is an option for NAT Traversal or UDP 500 initiation.  This option allows for the IPSEC connection to be established even if NAT or a firewall is mangling the packets.
0
 

Author Comment

by:aedenone
ID: 14027587
I am using Windows VPN client. I, and many other employees at our company have connected to VPN before, I just have not been able to connect through this router. I am at my wits end am about place this thing in the circular file. Being the person I am I just would like to know what is the problem with this router before doing so.
0
 

Expert Comment

by:PCIPROS
ID: 14027672
Can you clarify which flavor of Windows VPN you are using?  Is it the IPSEC or PPTP client?  PPTP isn't affected by the NAT Traversal issues like IPSEC is.  Also, do you know what version of teh WGT624 you are using?  There will be a label on the bottom stating if it's v1 (WGT624), v2 (WGT624v2), or v3 (WGT642v3).  v1 & v2 should be running the latest stable firmware v4.2.6 as well.
0
 

Author Comment

by:aedenone
ID: 14047704
We are using PPTP and the router is Version 2
0
 

Author Comment

by:aedenone
ID: 14116621
The problem was solved. It was not an issue with the Netgear WGT624 after all. It was a problem with my buildings firewall. I had to get an external IP address outside of the firewall in order to connect.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Screencast - Getting to Know the Pipeline

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question