Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Unable to connect to VPN through NetGear FVX538 VPN ProSafe Firewall.

Posted on 2006-06-20
Medium Priority
Last Modified: 2009-01-20
I have had so much trouble using the Netgear VPN firewall and the VPN client software that I have decided to abandon this setup and venture into something new.
I'm now trying to set up a VPN with the provided, free software that comes with Windows XP Pro and Windows Server 2003.  I have successfully setup the VPN servers-side with Tech Republic's help and white papers and I have also setup the client-side of the VPN as well.
Now I'm at the part where I'm using pptpsvr.exe and pptpclnt.exe (free from Microsoft) to test whether or not the request from the client is making it through the NetGear firewall and making it to the VPN server. Then the VPN server should reply back to the client with "x" number of GRE packets.
This is my problem. I can't get a reply from the VPN server so I assume that the request is not making it past the firewall. I have opened up port 1723 and forwarded it directly the static IP of the VPN server. My client is on another network with an IP of 192.168.0.x while the network I'm trying to connect to is on network 192.168.1.x. I did read that I have to set up IP protocol 47 as well. To my knowledge this IP protocol 47 is not TCP/UDP port 47. I don't know how to configure this IP protocol 47 on my FVX538 VPN ProSafe firewall in order to allow my VPN request to reach the server. Any ideas out there on how to configure this IP protocol 47?
I need this issue to be resolved asap in order to keep my boss happy!
Question by:HbugProject
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Expert Comment

ID: 16945249
I have a 538 at a clients and it works great.
I don't remember forwarding port 47, just the 1723 one.
They are using the vpn server in Windows, and it connects like a champ from my home network -so the trip is similar
home 192.168.15.x to theinternet, then public IP of the router, then to the private 192.168.1.x address of the server.
Can you try to connect to the VPN from INSIDE the network first - to verify you have it right?

Author Comment

ID: 16946132
Yes I was able to connect to the VPN inside the network. I connected just fine with no problems at all. I just can't seem to connect to it from outside the network.
LVL 77

Expert Comment

by:Rob Williams
ID: 16948289
Protocol 47 (GRE) is usually forwarded by simply enabling VPN pass-through" or "PPTP pass-through". However, on the Netgear routers I have worked with, this is not an option. Instead enabling port forwarding using their built-in PPTP port 1723 service, enables this automatically. If you manually create a new service for port 1723 rather than using the existing one, this does not seem to be the case. If blocked GRE is the problem you most often get a #721 connection error.
As for the pptpsvr/ pptpclnt I have never had it work as it is supposed to. If you enable it on the server and try to connect, the server does seem to present a message that the GRE packets were received. But I have never had it show that they were sent back. I suspect you would have to enable port forwarding and configure the firewall on the client to have it function in that way, such as in a site to site PPTP VPN configuration.

First test I would do is from the VPN server go to  http://www.canyouseeme.org  and test for port 1723. This will at least verify that the port forwarding is functioning. From this site you can also verify the IP to which yo are connecting is correct.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 16954363
That was informative because I did find an issue with my rule I created on the firewall. I went to canyouseeme.org and I tested port 1723 and it was successful. However, they gave me a different IP than the one I had in the rule which was my outside IP that I totally forgot about. So I configured my outside IP address in the rule as well.

So this is how I have my rule set up now in my firewall:
service - PPTP (TCP 1723) + None
Action - Allow always
Send to LAN Server - 192.168.1.x (internal IP of my VPN server)
WAN Users - Any
Public Destination IP Address - Other Public IP Address
                                            209.175.252.x (the IP that canyouseeme.org gave me)
QoS Priority - None
Log - Always

I'm still getting an error 800: Unable to reach VPN server from outside the network.
LVL 77

Expert Comment

by:Rob Williams
ID: 16954814
>>"Public Destination IP Address - Other Public IP Address
                                            209.175.252.x (the IP that canyouseeme.org gave me)"
Is this part of the Netgear configuration or just informing of the VPN client connection information. It is the IP the client should be connecting to.
Also I would completely disable any software firewalls on the VPN server, just as a test. Firewalls such as Windows built-in, ZoneAlarm, Symantec, McAfee and such can block the VPN. One other I have come across is, if using Symantec for virus protection, it's Internet Worm Protection feature can cause problems.
If still not working see if you can connect the remote client directly to it's modem by-passing the router as a test. If you do so make sure virus protection, Windows updates and such are in place.

Author Comment

ID: 17154854
Problem solved. I was using the wrong internal IP address as the host IP for the VPN configuration. Since I corrected it, it works fine now.
LVL 77

Expert Comment

by:Rob Williams
ID: 17160069
Ah, That would do it <G>. Thanks for the update.

Accepted Solution

ee_ai_construct earned 0 total points
ID: 17399791
PAQ / Refund
ee ai construct, community support moderator

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question