Solved

VPN - IPSEC Passthrough

Posted on 2007-12-05
Last Modified: 2011-04-14
I'm trying to connect to a Smoothwall VPN (SmoothTunnel) via IPsec. I'm using a Netgear WNR834Bv2.
If I use a simple analogue dial up access to the net then connect to the VPN tunnel, everything works fine.

Joy of joys, I can't seem to get the Netgear to allow access to the tunnel. I've heard rumours I need to open ports 50, 51, 500, 1701, 1723 to access the VPN with the router. I have attempted to open these ports using port forwarding, but still no joy.
Can anyone shed any light or give us a quick step-by-step walkthrough?
Thanks in advance
Question by:thegiantsmurf
11 Comments
 
LVL 32

Expert Comment

by:dpk_wal
If you have a client sitting behind the Netgear going out to the internet to the IPSec server, then you need not open any ports on the router. By default the router would allow outbound traffic and the corresponding inbound traffic in. So, as long as you can connect to the internet through the router, you should also be able to establish the VPN tunnel; also, since you are able to connect from the same machine when using dial-up, the machine settings are also good.

I would advise you to check with your ISP; it appears that they are deliberately blocking the VPN traffic.

The ports/protocols used for IPSec VPN are:
UDP 500 [IKE]
UDP 4500 [NAT-T]
Protocol 50/51 [ESP/AH; note protocol not port]

Please check and update.

Thank you.
0
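As an added illustration of the protocol-versus-port distinction in the list above (not part of the original thread): a small Python classifier for raw IPv4 packets from a capture taken on the client side of the router. The function names, result labels and sample-packet helpers are constructed for this example; the UDP 4500 payload markers follow RFC 3948.

```python
import struct

# From the answer above: 50/51 are IP protocol numbers, 500/4500 are UDP ports.
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
PORT_IKE, PORT_NATT = 500, 4500


def classify_ipsec(packet: bytes) -> str:
    """Label one raw IPv4 packet by the kind of IPsec traffic it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto = packet[9]                         # protocol field of the IP header
    if proto == PROTO_ESP:
        return "esp"                          # no ports: NAT must handle it specially
    if proto == PROTO_AH:
        return "ah"
    if proto != PROTO_UDP or ihl < 20 or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    payload = packet[ihl + 8:]
    if PORT_NATT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"            # RFC 3948 keepalive
        if len(payload) < 4:
            return "other"
        if payload[:4] == b"\x00" * 4:
            return "ike-natt"                 # non-ESP marker precedes IKE
        return "esp-in-udp"                   # ESP wrapped in UDP 4500
    return "ike" if PORT_IKE in (sport, dport) else "other"


def diagnose(packets) -> str:
    """Summarise a capture taken on the client side of the router."""
    kinds = {classify_ipsec(p) for p in packets}
    if kinds & {"esp-in-udp", "ike-natt"}:
        return "nat-t"         # tunnel rides on UDP 4500; ordinary NAT suffices
    if kinds & {"esp", "ah"}:
        return "native-ipsec"  # relies on the router's IPsec passthrough
    return "ike-only" if "ike" in kinds else "no-ipsec"


def sample(proto: int, body: bytes) -> bytes:
    """Constructed IPv4 packet (zero checksum, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + body


def udp(sport: int, dport: int, data: bytes) -> bytes:
    """Constructed UDP datagram (zero checksum) to place inside sample()."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
```

A `native-ipsec` result means the tunnel depends on the router's IPsec passthrough, while `nat-t` means it travels as ordinary UDP that any NAT router forwards.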
 

Author Comment

by:thegiantsmurf
Thanks for your reply, but my ISP is not blocking anything. I used to have the earlier Rangemax router, which worked fine. I'm also trying to get this resolved with Netgear; their reply was:
 "The WNR834Bv2 Router is just a VPN Pass through, please open the Ports 50, 51, 500, 1701, 1723 to access the VPN with the Router. You must use only the feature "Port Forwarding" to open the ports in the router."

Their reply does not make much sense as I never had to do this on the old router. Still confused and still no VPN even with the ports open. I'll try again, but any more ideas would be greatly received.

LEE
0
 
LVL 18

Expert Comment

by:PowerIT
They probably misunderstood you. It seems that they think you want to pass through an INCOMING connection, while it is actually an OUTGOING connection.
For most routers you have to enable VPN passthrough or NAT Traversal. This enables VPN outgoing. Mind you, lots of cheapo routers allow only one or a limited number of outgoing connections at a time.
The process for configuring VPN passthrough is usually explained in the reference manual, but I can not find a single reference to VPN except a pointer to a general explanation and something about changing the MTU. But the default MTU is large enough.
Which makes me think that this router either doesn't support VPN passthrough or is just flawed.
The release note of the latest firmware mentions a problem with VPN passthrough: http://kbserver.netgear.com/release_notes/d103205.asp
They only mention netgear .. gear, but who knows.
Which firmware version are you on?

If you want to test some more yourself: have a look at this troubleshooting guide: http://www.vpncasestudy.com/vpn_passthrough.html

J.
0
 
LVL 18

Expert Comment

by:PowerIT
BTW, the datasheet also does NOT mention VPN passthrough or NAT-T.
http://kbserver.netgear.com/datasheets/WNR834B_DS_31May07.pdf

J.
0
 

Author Comment

by:thegiantsmurf
The Netgear was originally on version 1.0.22, which did not work, thus I installed/upgraded to version 1.0.30.
It does seem strange that I need to open ports for inbound.
0
 
LVL 18

Expert Comment

by:PowerIT
You don't. It's just wrong, so close them.
The only correct advice I can give: sell that router and buy one that is suited for the purpose. The keywords are VPN Passthrough and NAT Traversal.

J.
0
 

Author Comment

by:thegiantsmurf
OK... plan B.
Can I just hang my old router onto the network BEFORE the Netgear WNR834Bv2?
Therefore what I'll have is the cable connection going to my old router (which worked), then the new WNR834Bv2 attached to one of the spare network ports, both on the same subnet, both on the same IP range.

It's a bit tacky, but as long as I connect to my old router for VPN access (once a week or so), will it work?
0
 
LVL 18

Expert Comment

by:PowerIT
You could do that, if you don't use the WAN part of the Netgear. Otherwise you would have the same problem.
So basically it would become an access point and second switch.
- Disable DHCP on the Netgear.
- Connect the switch ports of the routers using a cross-cable.
- And configure the wireless access point in the router to be a bridge so that it hands out the DHCP addresses of your other router.
Where plan B could fail: I don't find any option on that router to use the wireless part as a generic Access Point. The only thing I can find is a 'Wireless Repeating' function in the advanced section of the main menu. I doubt if that will work. But you can give it a try.

J.
0
 

Expert Comment

by:thimscool
Pfft. I feel your pain, thegiantsmurf. I had the same problem, but just upgraded to v1.0.32.

For me that resolved the issue.

I'm not impressed with Netgear anymore. This is pretty lame. VPN passthru functionality should be tested before the product ever sees the market, IMO. Ah well.
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 250 total points
Indeed, that's the firmware I referenced above. Smurf, you mention that you are on 1.0.30, but did you try 1.0.32?

J.
0
 

Author Comment

by:thegiantsmurf
I have upgraded to the latest version.
This still does not solve the problem. Netgear support have kinda given up the ghost as I mentioned that it worked under XP; they have now closed the case due to this. (I knew I should not have mentioned that.)

My only solution is to have a 2nd laptop running XP and connect that way (which works 100% OK); it's just Vista Business which won't connect. I've modified the Vista firewall to allow VPN ports.
I've wiped the laptop 4 times and tried every time just in case it's a Windows update causing the grief.
I do have the Microsoft diagnostics logs available if anyone wants a look. I don't understand them.

(Happy new year)

L.
0
