VPN Gateway behind Mobile Internet "Hub"

I have a client who until recently was using a DSL connection and had remote access in to their network over SSL VPN using a Netgear SRXN3205.

They are in a rural area and the DSL line was too slow for their needs, so they are testing out a Mobile Internet "Hub" (as termed by the provider). It is essentially a Modem/Router that works on the 4G network. It has wireless b/g for internal use as well as a 4 port switch built in.

I was able to configure the Netgear device as an access point behind the Mobile device and give users access to the LAN and Internet.

I'm wondering if it's possible to still allow VPN access using the Netgear in this configuration.

On the Mobile device I am able to forward port 443 to the Netgear, and I can see the port open from the Internet.

The portal at https://public.ip.address/portal/SSL is not working however. On the Netgear I have the portal configured at

Has anyone tried this kind of a setup before? What other configuration might I require on the Mobile device or Netgear to get this working? Or is it even possible?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I am not familiar with those products, but the firewalls that I work with normally require the WAN interface to have the Public IP address for VPN to work.
If you have a Windows server then you could setup a PPTP or other WIndows VPN.  Then set the port forwarding as needed and change to a Windows VPN.

Otherwise, I would check on that device from the ISP and ask if it has any type of bridged mode feature so that the public IP can be set on the Router/Firewall.  Or maybe it is possible to assign your Netgear a Public IP with some reconfig os the ISP device.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
What do you mean by "On the Netgear I have the portal configured at"?

Did you switch from:

VPN ---1--- internet --2-- DSL modem --3--  Netgear SRXN3205 --4---- computer (VPN)


VPN ---1--- internet --2-- Mobile Internet "Hub" --3--  Netgear SRXN3205 --4---- computer (VPN)

"On the Mobile device I am able to forward port 443 to the Netgear, and I can see the port open from the Internet."

Is the Netgear setup correctly to forward port 443 or other secure ports? Have you tried to DMZ the computer and see if that works?

IT_ServiceAuthor Commented:
@chakko - that may be the case ... that the WAN port needs to be used, in which case they are probably out of luck with this type of connection. There is no 'bridged mode' feature on the Mobile device.

@inbox788 - You are correct in what was changed, but note that the VPN is not being hosted by any computer or server. The VPN is configured on the Netgear SRXN3205. The config screen where I set up the VPN shows the SSL portal at that URL -->

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

I see. Looks like you're using the router to tunnel the VPN. Have you enabled remote management on the router? Are you using an administrator level account on the client?
Did you get an internet package with more than 1 IP address?  if yes, then maybe you can assign the WAN interface with a public IP, and if the Mobile device is performing a NAT function that may need to be turned off.
IT_ServiceAuthor Commented:
Decided to just work around this issue for now.

I think chakko is correct in that it likely has to be the WAN port.

Thanks for the advice.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.