Netgear IPSec VPN passing through DSL modems?

Posted on 2009-02-24
Last Modified: 2013-11-16
I am trying to set up a VPN between two Netgear routers FVS318v3.

Router #1 is behind a managed Cable modem,
 - modem wan, modem lan
 - router wan, lan

Router #2 is behind a DSL modem,
 - modem wan, modem lan
 - router wan, lan

Following the FVS manual and other sources, I tried to set up a VPN between the two. I tried opening / forwarding through the modems ports
TCP 1723
TCP 47
UDP 500 for IKE
and UDP 1701

I must be missing some negotiation part, though - I am unable to establish conn.

Am I missing ports for IPSec VPNs? What else could cause the connection to fail?
Question by:Ronino
    LVL 8

    Accepted Solution

    You've missed UDP 5500, the rest seems ok :)
    LVL 1

    Assisted Solution

    Standard IPSEC uses UDP 500 and IP protocol 50 (ESP). Be sure NAT Traversal is enabled on both routers. Since you're going through a NAT device (managed cable modem), the IPSEC ESP packets will need to be encapsulated in UDP. NAT Traversal typically uses UDP 4500, but I've also seen UDP 1500 as well.
    Once NAT Traversal is enabled, the two routers will detect the NAT device during phase 1 negotiations, and will automatically encapsulate the ESP packets in UDP.
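
The phase 1 NAT detection described in the answer above, sketched in Python as an added example (not part of the original thread and not Netgear's code): per RFC 3947, each IKEv1 peer sends NAT-D hashes of the addresses and ports it believes are in use, and a mismatch on receipt is what triggers the move to UDP 4500. The cookies, addresses and the SHA-1 choice are constructed sample values; the real hash is whichever one phase 1 negotiated.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, cky_i + cky_r + packed).digest()

def build_nat_d(cky_i, cky_r, dst, src):
    """Sender side: first payload covers the remote end, the second the local end."""
    return [nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, payloads, seen_dst, seen_src):
    """Receiver side: compare the hashes with the addresses on the packet as it arrived."""
    local_nat = payloads[0] != nat_d_hash(cky_i, cky_r, *seen_dst)
    peer_nat = nat_d_hash(cky_i, cky_r, *seen_src) not in payloads[1:]
    return {"local_behind_nat": local_nat, "peer_behind_nat": peer_nat,
            "float_to_udp_4500": local_nat or peer_nat}

# Constructed sample values (documentation and private address ranges).
CKY_I = bytes.fromhex("0102030405060708")   # initiator cookie
CKY_R = bytes.fromhex("1112131415161718")   # responder cookie
R1_WAN = ("192.168.100.2", 500)     # router #1 WAN, behind the cable modem
R1_PUBLIC = ("198.51.100.10", 500)  # cable modem's public side
R2_WAN = ("192.168.1.2", 500)       # router #2 WAN, behind the DSL modem
R2_PUBLIC = ("203.0.113.20", 500)   # DSL modem's public side

def thread_scenario():
    """Router #1 sends to router #2's public address; both modems translate."""
    sent = build_nat_d(CKY_I, CKY_R, dst=R2_PUBLIC, src=R1_WAN)
    # Router #2 sees the source rewritten by the cable modem and the
    # destination rewritten by the DSL modem's port forward.
    return detect_nat(CKY_I, CKY_R, sent, seen_dst=R2_WAN, seen_src=R1_PUBLIC)

def bridged_scenario():
    """Modems with routing turned off: the routers hold the public addresses."""
    sent = build_nat_d(CKY_I, CKY_R, dst=R2_PUBLIC, src=R1_PUBLIC)
    return detect_nat(CKY_I, CKY_R, sent, seen_dst=R2_PUBLIC, seen_src=R1_PUBLIC)

if __name__ == "__main__":
    print("both modems NAT:", thread_scenario())
    print("modems bridged: ", bridged_scenario())
```
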

    Author Comment

    Unfortunately I don't see any options in the interface to enable NAT Traversal, in either the Motorola cable modem or the Westell DSL modem. I don't assume that the forwarding of UDP 4500 and UDP 1500 alone will take care of the problem?
    LVL 1

    Assisted Solution

    NAT-T is enabled on the routers terminating the VPN connection, not on the modems.

    Author Comment

    Got too complex already - but went back and found a simple solution.

    You can call the cable company and ask for either
    1. a dumb modem, with no routing capabilities
    2. that they turn off the routing and firewall features in the modem.

    At that point, the domain name resolves correctly from inside or outside the network.

    Thanks all!
