Perplexed_User

Authentication error in VPN between two Netgear DG834

I am trying to set up a VPN connection between two Netgear DG834s.

I have checked the setups both ends but they will not connect.

I get this error message "Possible authentication failure:  no acceptable response to our first encrypted message" after 3 retries.

I used the VPN wizard at both ends.

I can add screen shots of setup if required.

Where do I start to troubleshoot?

Thanks in advance.
B12BLIB

What type of VPN? IPSec with PSK?

Usually you set a shared passphrase. Tell router A to connect to the WAN IP of router B, and vice versa to router A.

If that was done, check the logs on the firewall perhaps. Is there another device in between that might be blocking the IPsec port or MS VPN ports?
DIPRAJ

The ipsec verify command should give an [OK] status for most of its checks like the one below:

[root@vpn2 tmp]# ipsec verify

Checking your system to see if IPsec got installed and started correctly

Version check and ipsec on-path                             [OK]

Checking for KLIPS support in kernel                        [OK]

Checking for RSA private key (/etc/ipsec.secrets)           [OK]

Checking that pluto is running                              [OK]

DNS checks.

Looking for forward key for vpn2                          [NO KEY]

Does the machine have at least one non-private address      [OK]

Two or more interfaces found, checking IP forwarding        [OK]

Checking NAT and MASQUERADING                               [OK]

[root@vpn2 tmp]#


*********************************************************
check this once


 Try setting the IKE direction to 'Responder only' on one of the VPN endpoints.
bijal7612

You should go to the router settings on both sides and provide the machines to which it will connect.
I am not sure about the Netgear router, but you need to go to Virtual Server and open the VPN port 1723 with the IP defined. The same steps need to be followed on the other router.
Also, if you can post a screenshot of your router application, maybe then I can help you better.
Perplexed_User

ASKER

Hi Diprajbasu:

Where do I run the IPSEC Verify command?  The VPN connection has a Windows 7 PC at one end and a Windows SBS2003 server at the other.  There is no VPN client running as it is a hardware VPN to VPN connection.


As I understand, you have 2 routers and want to connect them to each other with VPN.
You need to specify the router's IP in the Virtual Server (router configuration) and the VPN port, which is 1723. The same settings need to be applied on both routers. Then you can start using your VPN connection.

I have attached screen shots of both router setups.

With respect to the port number 1723: do I need to manually open it up anyway, or does the Netgear wizard do it automatically?

Also the ipsec verify question. Is it a Linux command, because I cannot get it to run on my Windows PC?
NetgearVPN-Home.JPG
The office setup
NetgearVPN-Office.JPG
ASKER CERTIFIED SOLUTION
bijal7612

This solution is only available to members.
Hi bijal7612,

I was initially confused by your answer but I had a go at setting up a manual policy and it worked.  The secret seemed to be getting the length of the pre-key correct.  The only downside is I cannot use a dynamic IP address.

Also the Netgear instructions to the right of the screen in the policy setup window keep referring to Enabling NetBIOS but I cannot see that option.  Is it enabled by default?  Is there another place to set it?

Thanks again for your help.
The initial reading of the solution led me to believe the expert had not actually reviewed my screenshots, since he was telling me to check my IP classes but the classes were clearly on show in the screenshot.  I would have expected him to suggest a new IP if he thought mine were faulty.

Anyway, his first suggestion of not using an auto VPN confused me because the VPN wizard only creates auto policies.  But after a bit of fiddling around I worked it out and all is good now.

I think the experts need to remember that the questioners sometimes are newbies who need a little bit of extra guidance.  Very succinct answers do not get the message across sometimes.

Anyway thanks again.