Correlating VPN client softare settings .. if possible.

I have a companion question:
http://www.experts-exchange.com/questions/28705077/Choice-of-VPN-approaches.html

It seems fair to expand on that question with a new one ... HERE:

I am having trouble aligning settings information between VPN client programs.
So far, I'm using the Netgear Prosafe VPN client and am trying to use the NCP Secure Entry client.

So far, I'm able to use the Netgear software on Windows 7 and connect right away.
But, on the same network, I can't connect with Windows 10 at all.

Also, it appears from vpncasestudy.com that using NCP will require that I change the VPN server settings - which I'm not all that happy to think about as long as the Netgear clients work.

Some Windows 10 machines won't connect at all.
Others will connect but seem to lose their connections a bit too frequently.
This all with a Netgear FVS336Gv2 that I'm going to be updating (firmware) on Friday.
One hopes that the newer firmware will make things better but something tells me that Windows 10 has its own issue.

I'd like to focus this question on the existing router and explore what might be done.  But, in view of the Windows 7 experience, I'm a bit hard-pressed to know just what.
LVL 27
Fred MarshallPrincipalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
The Netgear Prosafe VPN client may not be compatible with Windows 10. NCP required a specific upgrade just to move from Windows 8 to Windows 8.1. The client must be completely compatible with the operating system.

using NCP will require that I change the VPN server settings <-- What specific changes are required?  I use NCP with several models of Juniper Netscreen boxes and a couple of Cisco RVxx boxes and I did not have to change anything.

Here are some ordinary NCP settings I know to work.

Basic Settings Profile Name Give a Name
Connection Type: select VPN connection
Communication Medium: Automatic
Default profile after reboot: Not selected
Windows Dial-up Network – Never

Line Management Connection Mode Manual
Inactivity timeout: 6000 Seconds
Prioritize VOIP: Not selected
ISDN: No
Pre-Authentication: No

IPsec General Settings    Tunnel Endpoint IP address of remote end
IKE Policy: PSK-DES-SHA-DH2
IPsec Policy: ESP-DES-SHA
Exchange Mode: Aggressive Mode  (for client to site)
PFS Group: None

Advanced IPsec Options
Advanced IPsec options: Standard IPsec
All others default

Identities Local Identity: Fully Qualified User Name
Pre-shared Key: Select this option
Shared secret:   [enter key]
Confirm secret: [confirm key]
 Extended Authorization Not needed in the example (depends on host setup)

IPsec Address Assignment      Assignment of Private IP  not used 0.0.0.0

 Split Tunneling 192.168.0.0 255.255.255.0  <-- This is where you enter remote IP subnet

 Certificate Check      None
       
Link Firewall     Off
Fred MarshallPrincipalAuthor Commented:
"didn't have to change anything" depends on where one is starting.

If you set out to work with the NCP client then perhaps you made judicious choices about configuration of the router.  Might that be the case?

I don't have that luxury really.  I need to leave the router VPN settings alone.  Well, I would certainly prefer to do that so I don't disrupt ALL the clients.  So, at least some things I've read suggest that the settings in the router are unfortunate with respect to NCP.
JohnBusiness Consultant (Owner)Commented:
No. The Netscreen boxes and configurations go back to days of the Juniper client (not NCP). I switched to NCP later and did not have to change anything. I did NOT match the hardware VPN box to NCP at all.

So I am not sure what your VPN hardware is doing that would be incompatible with NCP, but I find it very interoperable.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

JohnBusiness Consultant (Owner)Commented:
Fred - take a look at this post:

http://www.experts-exchange.com/questions/28706965/Netgear-FVS336GV2-to-Cisco-asa-5505-configuration.html

Same router and the asker cannot connect it to a Cisco box. It appears the Netgear is not properly compliant with IPsec standards in some way.
Fred MarshallPrincipalAuthor Commented:
Thanks John!
JohnBusiness Consultant (Owner)Commented:
Fred - you are most welcome and thank you. I like working with you. Good luck with VPN.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.