Help configuring Netgear Prosafe VPN Client
Posted on 2006-11-06
I have a Netgear FVS124G on our network acting as a firewall.
It has a VPN connection to another Netgear router at a different location that works fine.
I am having hell trying to get a laptop to VPN to the 124G.
I can usually get phase 1 up, but phase 2 fails.
The router displays:
No matching SPD policy for the selectors received in IKE phase-II message
in the vpn log.
I have searched high and low and can't figure out exactly what an SPD is, and what it's requirements are.
I've used a variety of identity schemes. Including email addresses.
I'm currently using fvs_local and fvs_remote as I understand these are only for authentication purposes.
I'd appreciate some help understanding what an SPD is, figuring out how to get this running without a fixed IP on the client, and in better understanding VPN as netgear imagines it.
My understanding is that Netgear Router to Router with fixed IPs works great. That isn't an option in this case. Nor is replacing hardware. Nor is using SBS 2003 Ras.
Client is giving time out errors (assume because router is discarding requests based on no matching spd).
I'm assigning 500 points to this because:
1) I spent 8 hours on it yesterday. I'm an MCSE and degreed and consider myself "good at IT".
2) It seems to be a particularly tedious thing to get netgear vpn clients to connect. Netgear has not documented it on their site.
3) Netgear charges $45 for support. That increases the value a bit I think.
4) There are lots of folks with this problem but few documented solutions that go beyond a example. In other words nobody is explaining how it works so that people can solve their own headaches and make informed decisions.
I think that makes it a more valuable question.