Solved

Allowing VPN Access into network with Netgear FVS318

Posted on 2006-07-11
Last Modified: 2012-08-13
Hello,
My goal is to allow VPN access into our network with a Netgear FVS318 using the simple Windows XP Pro SP2 VPN client that comes with the O/S (I do not want to use special VPN clients, for simplicity's sake). The users are employees that have DSL/cable connections from their homes, and I assume that there are no firewall clients. All that I want to do is to give the users VPN access to our server to access network folders to work/create/save work documents from home.

For starters, here is the sample IP address information that is relevant for configuration (these are fake numbers):
WAN IP info:
- IP Address: 209.340.562.196
- Subnet Mask: 255.255.25.248
- Default Gateway: 209.340.562.1

LAN (Internal) IP info of our server:
- IP Address: 192.168.10.2
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.10.1

On the Netgear Router, I have created services for port 1723 (VPN), port 47 (GRE), port 500 (IKE) and port 1701 (L2TP). Whether I need these ports open on the firewall I do not know. These ports all resolve to the LAN IP address of our server. So what I need to know is what to put in for the VPN Settings for this connection. The input fields are:
- Connection Name: (this I can name anything...right?)
- Local IPSec Identifier:
- Remote IPSec Identifier:
- Tunnel can be accessed from:
- Tunnel can access:
- Remote WAN IP or FQDN:

The Secure Association is in Main Mode. Perfect Forward Security is disabled (should it be enabled?). There is a PreShared Key. The encryption protocol is DES. The Key Life and IKE Life Time are at their defaults.

I would like help in properly configuring this firewall so all I need to do is to show the users how to set up a VPN Connection with the XP Pro VPN Client. I am sure that there is a way this can be done without the Netgear clients; I am stuck on what I need to do.


 
Question by:Mgrodecki
6 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17085717
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17085731
Just in case, here is the Client Config: http://www.onecomputerguy.com/networking/xp_vpn.htm
 
LVL 3

Expert Comment

by:GeneralMandible
ID: 17085740
Here is a decent link from Microsoft
http://www.microsoft.com/technet/community/columns/profwin/pw0201.mspx

I only had to do the port forwarding on 1723 to get it to work.

 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17086322
It is my understanding that you will have to let the VPN be created between the XP clients and a Windows 2000 server or Windows 2003 server. You won't be able to get the XP client to create a VPN with the Netgear. The only other option would involve the Netgear client (that runs around %50), and you said you don't want to use a client other than the built-in VPN client.
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17086377
Sounds like you are wanting to set up the client to connect directly to the Netgear unit. To do this you need to use an IPSec client. The standard Windows VPN client uses PPTP and cannot be configured to connect directly to the Netgear. It is possible to set up a Windows client using IPSec, but it is quite a challenge and there is little documentation available. The simplest options are:
1) to create a PPTP tunnel between a standard Windows client and a Windows VPN server behind the Netgear. These are the links the others have provided, or you can find these links for different O/S at:
http://www.onecomputerguy.com/networking.htm
In doing so you need only to set up a rule for port 1723, allowing port forwarding to the VPN server. You also need GRE protocol 47 (not port 47), but that is set up by default on the Netgear if you use the built-in PPTP/1723 service. None of the other ports are required, because you are not using L2TP or IKE. Port forward instructions:
http://www.portforward.com/english/routers/port_forwarding/Netgear/FVS318/Point-to-Point_Tunneling_Protocol.htm
2) you can set up an IPSec tunnel directly to the Netgear. Because you are connecting to the router rather than a server behind the router there is no port forwarding to configure. You need to run the VPN configuration wizard and then manually configure the IKE and VPN policies on the router, and on the client install the Netgear ProSafe VPN client. You need to buy the client software, but it is more efficient and more secure. Some details can be found at:
http://kbserver.netgear.com/inquira/default.asp?ui_mode=answer&prior_transaction_id=1449667&action_code=5&highlight_info=16778202,14,27&turl=http%3A%2F%2Fkbserver.netgear.com%2Fkb_web_files%2Fn101436.asp&answer_id=17535188#__highlight
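
To confirm from outside the LAN that the TCP 1723 forward described in option 1 actually reaches the PPTP server, one can exchange the first PPTP control message pair defined in RFC 2637. This is an added example, not part of the original answer; the function names, the host name `fwd-check` and the sample reply are constructed for illustration. It exercises only the TCP control channel; tunnel data is carried in GRE (protocol 47), which this check does not test.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP control channel; tunnel data travels as GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value carried in every PPTP control message
HEADER = ">HHIHH"           # length, message type, cookie, control type, reserved0
# version, result (reserved in request), error (reserved), framing, bearer,
# max channels, firmware revision, host name, vendor string
BODY = ">HBBIIHH64s64s"
MSG_LEN = struct.calcsize(HEADER) + struct.calcsize(BODY)   # 156 bytes

def build_sccrq(host_name=b"fwd-check"):
    """Start-Control-Connection-Request: the first message a PPTP client sends."""
    header = struct.pack(HEADER, MSG_LEN, 1, MAGIC_COOKIE, 1, 0)
    return header + struct.pack(BODY, 0x0100, 0, 0, 1, 1, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    _length, msg_type, cookie, ctrl_type, _ = struct.unpack_from(HEADER, data)
    if cookie != MAGIC_COOKIE or msg_type != 1:
        raise ValueError("not a PPTP control message")
    if ctrl_type != 2:
        raise ValueError("unexpected control message type %d" % ctrl_type)
    version, result, error, _, _, _, _, host, vendor = struct.unpack_from(
        BODY, data, struct.calcsize(HEADER))
    return {"accepted": result == 1, "result": result, "error": error,
            "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def check_forward(wan_host, timeout=5.0):
    """Connect to the forwarded port on your own router's WAN side and handshake."""
    with socket.create_connection((wan_host, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < MSG_LEN:
            chunk = s.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

def sample_reply():
    """Constructed reply (not captured traffic) so the parser can run offline."""
    header = struct.pack(HEADER, MSG_LEN, 1, MAGIC_COOKIE, 2, 0)
    return header + struct.pack(BODY, 0x0100, 1, 0, 1, 1, 0, 0, b"vpn-server", b"constructed")
```

A connection timeout or refusal from `check_forward` means the 1723 rule is not reaching the server; a reply with `accepted` set to `True` means the control channel is forwarded correctly.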
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17110496
Thanks Mgrodecki,
--Rob