Solved

Allowing VPN Access into network with Netgear FVS318

Posted on 2006-07-11
Last Modified: 2012-08-13
Hello,
My goal is to allow VPN access into our network with a Netgear FVS318 using the simple Windows XP Pro SP2 VPN client that comes with the O/S (I do not want to use special VPN clients, for simplicity's sake). The users are employees that have DSL/cable connections from their homes and I assume that there are no firewall clients. All that I want to do is to give the users VPN access to our server to access network folders to work/create/save work documents from home.

For starters: here is the sample IP address information that is relevant for configuration (these are fake numbers):
WAN IP info:
- IP Address: 209.340.562.196
- Subnet Mask: 255.255.25.248
- Default Gateway: 209.340.562.1

LAN (Internal) IP info of our server:
- IP Address: 192.168.10.2
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.10.1

On the Netgear Router, I have created services for port 1723 (VPN), port 47 (GRE), port 500 (IKE) and port 1701 (L2TP). Whether I need these ports open on the firewall I do not know. These ports all resolve to the LAN IP address of our server. So what I need to know is what to put in for the VPN Settings for this connection. The input fields are:
- Connection Name: (this I can name anything...right?)
- Local IPSec Identifier:
- Remote IPSec Identifier:
- Tunnel can be accessed from:
- Tunnel can access:
- Remote WAN IP or FQDN:

The Secure Association is in Main Mode. Perfect Forward Security is disabled (should it be enabled)? There is a PreShared Key. The encryption protocol is DES. The Key Life and IKE Life Time are at their defaults.

I would like help in properly configuring this firewall so all I need to do is to show the users how to set up a VPN Connection with the XP Pro VPN Client. I am sure that there is a way this can be done without the Netgear clients; I am stuck on what I need to do.


Question by:Mgrodecki
6 Comments
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17085717
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17085731
Just in case, here is the Client Config: http://www.onecomputerguy.com/networking/xp_vpn.htm
0
 
LVL 3

Expert Comment

by:GeneralMandible
ID: 17085740
Here is a decent link from Microsoft
http://www.microsoft.com/technet/community/columns/profwin/pw0201.mspx

I only had to do the port forwarding on 1723 to get it to work.
0

 
LVL 22

Expert Comment

by:rickhobbs
ID: 17086322
It is my understanding that you will have to let the VPN be created between the XP clients and a Windows 2000 server or Windows 2003 server.   You won't be able to get the XP client to create a VPN with the Netgear.  The only other option would involve the Netgear client (that runs around %50), and you said you don't want to use a client other than the built in VPN client.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17086377
Sounds like you are wanting to set up the client to connect directly to the Netgear unit. To do this you need to use an IPSec client. The standard Windows VPN client uses PPTP and cannot be configured to connect directly to the Netgear. It is possible to set up a Windows client using IPSec, but it is quite a challenge and there is little documentation available. The simplest options are:
1) to create a PPTP tunnel between a standard Windows client and a Windows VPN server behind the Netgear. These are the links the others have provided, or you can find these links for different O/S at:
http://www.onecomputerguy.com/networking.htm
In doing so you need only to set up a rule for port 1723, allowing port forwarding to the VPN server. You also need GRE protocol 47 (not port 47) but that is set up by default on the Netgear if you use the built in PPTP/1723 service. None of the other ports are required, because you are not using L2TP or IKE.  Port forward instructions:
http://www.portforward.com/english/routers/port_forwarding/Netgear/FVS318/Point-to-Point_Tunneling_Protocol.htm
2) you can set up an IPSec tunnel directly to the Netgear. Because you are connecting to the router rather than a server behind the router there is no port forwarding to configure. You need to run the VPN configuration wizard and then manually configure the IKE and VPN policies on the router, and on the client install the Netgear ProSafe VPN client. You need to buy the client software, but it is more efficient and more secure. Some details can be found at:
http://kbserver.netgear.com/inquira/default.asp?ui_mode=answer&prior_transaction_id=1449667&action_code=5&highlight_info=16778202,14,27&turl=http%3A%2F%2Fkbserver.netgear.com%2Fkb_web_files%2Fn101436.asp&answer_id=17535188#__highlight
0
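A way to verify the port 1723 forward from option 1, added here as an example and not part of the original thread: it sends the PPTP Start-Control-Connection-Request defined in RFC 2637 over TCP and parses the server's reply. The function names and the host/vendor strings are assumptions chosen for illustration.

```python
import socket
import struct

PPTP_PORT = 1723           # TCP control channel: the one port forwarded above
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message
SCCRQ, SCCRP = 1, 2        # Start-Control-Connection-Request / -Reply
# RFC 2637 layout, 156 bytes each: length, message type, cookie, control type,
# reserved, version, (reserved | result + error), framing caps, bearer caps,
# max channels, firmware revision, host name, vendor string.
REQ_FMT = struct.Struct("!HHIHHHHIIHH64s64s")
REP_FMT = struct.Struct("!HHIHHHBBIIHH64s64s")

def build_sccrq(host=b"fwd-check", vendor=b"added-example"):
    return REQ_FMT.pack(REQ_FMT.size, 1, MAGIC_COOKIE, SCCRQ, 0, 0x0100, 0,
                        3, 3, 0, 0, host, vendor)

def parse_sccrp(data):
    if len(data) < REP_FMT.size:
        raise ValueError("reply shorter than a PPTP control message")
    f = REP_FMT.unpack(data[:REP_FMT.size])
    if f[1] != 1 or f[2] != MAGIC_COOKIE or f[3] != SCCRP:
        raise ValueError("not a Start-Control-Connection-Reply")
    return {"version": f[5], "result": f[6], "error": f[7],
            "host": f[12].rstrip(b"\0").decode("ascii", "replace"),
            "vendor": f[13].rstrip(b"\0").decode("ascii", "replace")}

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full reply arrived")
        buf += chunk
    return buf

def handshake(sock):
    sock.sendall(build_sccrq())
    return parse_sccrp(recv_exact(sock, REP_FMT.size))

def check_pptp_forward(addr, port=PPTP_PORT, timeout=5.0):
    # result == 1 means the VPN server behind the router accepted the control
    # connection. The data path is GRE (IP protocol 47), which this TCP check
    # cannot exercise.
    with socket.create_connection((addr, port), timeout=timeout) as s:
        return handshake(s)

if __name__ == "__main__":
    # Constructed reply, standing in for a real server's answer.
    sample = REP_FMT.pack(156, 1, MAGIC_COOKIE, SCCRP, 0, 0x0100, 1, 0,
                          1, 1, 0, 0, b"vpnsrv", b"constructed")
    print(parse_sccrp(sample))
```

A `result` of 1 confirms only the TCP 1723 forward; a tunnel that then stalls during authentication usually points at GRE not being passed.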
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17110496
Thanks Mgrodecki,
--Rob
0
