We help IT Professionals succeed at work.

VPN client can't connect to tunnel

MrRude asked
Here is the scenario:

Private Network - Domain controller handing out DHCP addresses - NetGear VPN Firewall SRX5308 -
Prior to the Firewall install the Domain Controller used the IP ( of the DSL modem as default gateway and everything worked fine.

When connection the Netgear, have to connect DSL modem to WAN1 to get address. It couldn't get an address until I turned on DHCP on the modem.

Here is how it is configured - NetGear SRX5308 is (still the default gateway for the network). DHCP issued ip of for LAN side of Netgear (DSL modem is

After much trouble added DDNS name to netgear. I can ping the name from a home internet connection and get a reply from, but when trying to connect to tunnel using Netgear Client all I get is "giving up on connection" message.

Am I overlooking something obvious? Any ideas?
Watch Question

You are trying to VPN to from a remote site? If so, that will never work as 192.168.x.x is a private IP space not used on the internet. You must VPN to the public IP of your DSL modem. Your DSL modem should be passing through all traffic.

A better solution, would be to set your DSL modem as an endpoint and not do any NAT on it. Then the public IP would be on your VPN Router. You will still need to VPN to a public IP, not a private one.

Pretty much what I figured. When you say set modem to endpoint, Do i need static ip?
you need static ip(public) to get the vpn client connect......

and try to make the configuration of modem on bridge mode and also reserved a private ip for vpn client.
you need to configure the private to the client and that client will take public ip from your remote isp and that public ip will connect with the public ip in your main location or netgear location.

ipsec based vpn is a public to public ip connectivity....(hope you are using ipsec client)

DDNS is resolving your ip address and for that you are able get the ping...if netgear allow DDNS...then

configure DDNS in your netgear system...open port for them( the application you want to access).make NAT...
in your remote location install DDNS...
now you can connect like abcd@abcd.org or something like that.

but i think this would be available only in full version( paid version)
and better to go for IPSEC based vpn
Thanks a lot for your help!