Solved

VPN - IPSEC Passthrough

Posted on 2007-12-05
Last Modified: 2011-04-14
I'm trying to connect to a Smoothwall - VPN SmoothTunnel via IPSEC, I'm using a Netgear WNR834Bv2.
If I use a simple analogue dial up access to the net then connect to the VPN tunnel, everything works fine.

Joy of joys, I can't seem to get the Netgear to allow access to the tunnel. I've heard rumours I need to open ports 50, 51, 500, 1701, 1723 to access the VPN with the Router. I have attempted to open these ports using port forwarding, but still no joy.
Can anyone shed any light or give us a quick step by step walk through.
Thanks in advance
0
Comment
Question by:thegiantsmurf
11 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20416269
If you have a client sitting behind the Netgear going out to the internet to the IPSec server then you need not open any ports on the router. By default the router would allow outbound traffic and corresponding inbound traffic in. So, as long as you can connect to the internet through the router you should also be able to establish the VPN tunnel; also, using the same machine as you are able to connect when using dial-up, this means that the machine settings are also good.

I would advise you to check with your ISP, it appears that they are deliberately blocking the VPN traffic.

The ports/protocols used for IPSec VPN are:
UDP 500 [IKE]
UDP 4500 [NAT-T]
Protocol 50/51 [ESP/AH; note protocol not port]

Please check and update.

Thank you.
0
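The port-versus-protocol distinction in the answer above, as an added example that is not part of the original thread: a Python sketch that classifies constructed IPv4 packets the way a NAT device has to. The addresses, payload bytes and function names are assumptions made for illustration; the non-ESP marker and keepalive byte on UDP 4500 follow RFC 3948.

```python
import struct

IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}   # IP protocol numbers, not ports
UDP = 17

def build_ipv4(proto, payload, src=(192, 168, 1, 10), dst=(203, 0, 113, 5)):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes(src), bytes(dst)) + payload

def build_udp(sport, dport, data):
    """Constructed sample: 8-byte UDP header (checksum left 0) + data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Label an IPv4 packet by the role it plays in an IPsec session."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # the field a "protocol 50" rule matches
    if ihl < 20:
        return "malformed"
    if proto in IPSEC_PROTOCOLS:
        # No UDP/TCP header follows, so a port-forwarding rule cannot match it.
        return f"{IPSEC_PROTOCOLS[proto]} (IP protocol {proto}, no ports)"
    if proto != UDP or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data = packet[ihl + 8:]
    if 500 in (sport, dport):
        return "IKE (UDP 500)"
    if 4500 in (sport, dport):
        if data == b"\xff":
            return "NAT-T keepalive (UDP 4500)"
        if data[:4] == b"\x00" * 4:       # non-ESP marker precedes IKE
            return "IKE over NAT-T (UDP 4500)"
        return "ESP-in-UDP (UDP 4500)"
    return "other"

# Constructed samples; SPI and payload bytes are arbitrary.
SAMPLES = {
    "ike": build_ipv4(UDP, build_udp(500, 500, b"\x11" * 28)),
    "esp": build_ipv4(50, b"\x00\x00\x10\x01" + b"\x22" * 16),
    "natt_ike": build_ipv4(UDP, build_udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "natt_esp": build_ipv4(UDP, build_udp(4500, 4500, b"\x00\x00\x10\x01" + b"\x22" * 16)),
    "udp_port_50": build_ipv4(UDP, build_udp(40000, 50, b"x")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} -> {classify(pkt)}")
```

The `udp_port_50` sample is what a "port 50" forwarding rule would match, and it is unrelated to ESP, which is why forwarding ports 50 and 51 has no effect on the tunnel.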
 

Author Comment

by:thegiantsmurf
ID: 20418055
Thanks for your reply, but my ISP is not blocking anything, I used to have the earlier Rangemax router which worked fine, I'm also trying to get this resolved with Netgear, their reply was:
 "The WNR834Bv2 Router is just a VPN Pass through, please open the Ports 50, 51, 500, 1701, 1723 to access the VPN with the Router. You must use only the feature "Port Forwarding" to open the ports in the router."

Their reply does not make much sense as I never had to do this on the old router.  Still confused and still no VPN even with the ports open.  I'll try again, but any more ideas would be greatly received.

LEE
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20418300
They probably misunderstood you. It seems that they think you want to pass through an INCOMING connection, while it is actually an OUTGOING connection.
For most routers you have to enable VPN passthrough or NAT Traversal. This enables VPN outgoing. Mind you, lots of cheapo routers allow only one or a limited number of outgoing connections at a time.
The process for configuring VPN passthrough is usually explained in the reference manual, but I can not find a single reference to VPN except a pointer to a general explanation and something about changing the MTU. But the default MTU is large enough.
Which makes me think that this router either doesn't support VPN passthrough or is just flawed.
The release note of the latest firmware mentions a problem with VPN passthrough: http://kbserver.netgear.com/release_notes/d103205.asp
They only mention netgear .. gear, but who knows.
Which firmware version are you on?

If you want to test some more yourself: have a look at this troubleshooting guide: http://www.vpncasestudy.com/vpn_passthrough.html

J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20418308
BTW, the datasheet also does NOT mention VPN passthrough or NAT-T.
http://kbserver.netgear.com/datasheets/WNR834B_DS_31May07.pdf

J.
0
 

Author Comment

by:thegiantsmurf
ID: 20418424
The netgear was originally on version 1.0.22 which did not work, thus I installed/upgraded to version 1.0.30
It does seem strange that I need to open ports for inbound.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20418502
You don't. It's just wrong, so close them.
The only correct advice I can give: sell that router and buy one that is suited for the purpose. The keywords are VPN Passthrough and NAT Traversal.

J.
0
 

Author Comment

by:thegiantsmurf
ID: 20418540
OK....plan B.
Can I just hang my old router onto the network BEFORE the Netgear WNR834Bv2?
Therefore what I'll have is the cable connection going to my old router, (which worked) then the new WNR834Bv2, attached to one of the spare network ports, both on the same subnet, both on the same IP range.

It's a bit tacky but as long as I connect to my old router for VPN access (once a week or so) then will it work ?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 20418654
You could do that, if you don't use the WAN part of the Netgear. Otherwise you would have the same problem.
So basically it would become an accesspoint and second switch.
- Disable DHCP on the Netgear.
- Connect the switch ports of the routers using a cross-cable.
- And configure the wireless access point in the router to be a bridge so that it hands out the DHCP addresses of your other router.
Where plan B could fail: I don't find any option on that router to use the wireless part as a generic Access Point. The only thing I can find is a 'Wireless Repeating' function in the advanced section of the main menu. I doubt if that will work. But you can give it a try.

J.
0
 

Expert Comment

by:thimscool
ID: 20454616
Pfft. I feel your pain, thegiantsmurf. I had the same problem, but just upgraded to v1.0.32.

For me that resolved the issue.

I'm not impressed with Netgear anymore. This is pretty lame. VPN passthru functionality should be tested before the product ever sees the market, IMO. Ah well.
0
 
LVL 18

Accepted Solution

by:
PowerIT earned 1000 total points
ID: 20455623
Indeed, that's the firmware I referenced above. Smurf, you mention that you are on 1.0.30, but did you try 1.0.32?

J.
0
 

Author Comment

by:thegiantsmurf
ID: 20563276
I have upgraded to the latest version.
This still does not solve the problem. Netgear support have kinda given up the ghost as I mentioned that it worked under XP, they have now closed the case due to this. (I knew I should have not mentioned that).

My only solution is to have a 2nd laptop running XP and connect that way (which works 100% OK), it's just Vista Business which won't connect. I've modified the Vista firewall to allow VPN ports.
I've wiped the laptop 4 times and tried every time just in case it's a Windows update causing the grief.
I do have the Microsoft diagnostics logs available if anyone wants a look. I don't understand them.

(Happy new year)

L.
0

Question has a verified solution.