 | reply to gfunkdave
Re: VPN between FVS318 and WinXP?
All right, so here are the config details. (It's long...) This is for accessing VPN from behind a NAT router where the subnet on the NAT router and the subnet on the VPN router are different. In this example, the NAT router's subnet is 192.168.1.xxx and the VPN router's subnet is 192.168.0.xxx.
1. On the router's VPN config web screen:
   i. Connection Name: whatever you want
   ii. Local IPSec ID: fully qualified domain name of the router's WAN port
   iii. Remote IPSec ID: Something unique among all the VPN connections you have
   iv. Tunnel can be accessed from a subnet of local address --> Start IP address: 192.168.0.0 --> Subnet: 255.255.255.0
   v. Tunnel can access a single remote address --> Start IP address: 192.168.100.2
   vi. Remote WAN IP or FQDN: leave blank
   vii. Secure Association: Aggressive Mode
   viii. Perfect Forward Secrecy: Enabled
   ix. Encryption protocol: 3DES
   x. Key Group: Diffie Hellman Group 2
   xi. Preshared Key: Your key
   xii. Key Life: 28800
   xiii. IKE Life Time: 86400
2. In the Netgear Security Policy Editor
   i. Create a new connection and expand its properties in the left pane
   ii. Click on the connection name you just created.
   iii. Connection security: secure
   iv. ID Type: IP Subnet
   v. Subnet: 192.168.0.0
   vi. Mask: 255.255.255.0
   vii. Protocol: all
   viii. Check the box, connect using Secure Gateway tunnel
   ix. Set ID Type: Domain name. In the box under it, type the FQDN of your VPN router. This should be the same as the local IPSec ID you set on the web config screen in 1ii. above.
   x. Set the other dropdown to Gateway Host Name, and use the same FQDN in the box below.
   xi. Click My Identity.
   xii. Click Pre-shared key and enter your preshared key.
   xiii. ID Type: Domain Name. In the box below, type the "remote ip sec identifier" you entered in 1iii above.
   xiv. Virtual adapter: disabled
   xv. Internal network IP address: 192.168.100.2 (same one you entered in 1v.)
   xvi. Click Security Policy and expand it on the left pane.
   xvii. Select Phase 1 negotiation mode: Aggressive Mode
   xviii. Enable Perfect Forward Secrecy: checked.
   xix. PFS Key Group: Diffie Hellman Group 2
   xx. Enable replay detection: checked
   xxi. Expand Authentication (Phase 1) and click Proposal 1
   xxii. Authentication method: pre-shared key
   xxiii. Encrypt Alg: Triple DES; Hash Alg: SHA-1; SA Life: Unspecified; Key Group: Diffie Hellman Group 2
   xxiv. Expand Key Exchange (Phase 2) and select Proposal 1
   xxv. SA Life: Unspecified; Compression: None
   xxvi. Check the Encapsulation Protocol box
   xxvii. Encrypt Alg: Triple DES; Hash Alg: SHA-1; Encapsulation: Tunnel
   xxviii. Authentication protocol should be unselected.
   xxix. Save changes and try it. |
|
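Added example, not part of the original post: a small Python check that the router-side values (step 1) and the client-side values (step 2) mirror each other the way the post cross-references them. The FQDN, the remote ID and the key are constructed placeholders, the dictionary field names are hypothetical, and the rule that the client's internal address lies outside both LANs is an assumption drawn from the post's choice of 192.168.100.2.

```python
import ipaddress

# Values transcribed from the post; the FQDN, the remote ID and the key are
# constructed placeholders because the post does not give them.
ROUTER = {
    "local_id": "vpn.example.net",        # 1.ii  (placeholder FQDN)
    "remote_id": "roadwarrior1",          # 1.iii (placeholder)
    "local_net": "192.168.0.0/255.255.255.0",   # 1.iv
    "remote_addr": "192.168.100.2",       # 1.v
    "mode": "aggressive", "pfs_group": 2, # 1.vii, 1.viii, 1.x
    "encryption": "3des",                 # 1.ix
    "psk": "placeholder-key",             # 1.xi
}
CLIENT = {
    "remote_net": "192.168.0.0/255.255.255.0",  # 2.iv-vi
    "gateway_id": "vpn.example.net",      # 2.ix
    "my_id": "roadwarrior1",              # 2.xiii
    "internal_ip": "192.168.100.2",       # 2.xv
    "mode": "aggressive", "pfs_group": 2, # 2.xvii, 2.xix
    "encryption": "3des",                 # 2.xxiii, 2.xxvii
    "psk": "placeholder-key",             # 2.xii
}
NAT_LAN = "192.168.1.0/24"  # subnet behind the client's NAT router


def check_pair(router, client, nat_lan=NAT_LAN):
    """Return a list of mismatches between the two sides (empty = consistent)."""
    problems = []
    mirrored = [("local_id", "gateway_id"), ("remote_id", "my_id"),
                ("remote_addr", "internal_ip"), ("mode", "mode"),
                ("pfs_group", "pfs_group"), ("encryption", "encryption"),
                ("psk", "psk")]
    for r_key, c_key in mirrored:
        if router[r_key] != client[c_key]:
            problems.append(f"router {r_key} != client {c_key}")
    vpn_net = ipaddress.ip_network(router["local_net"])
    if vpn_net != ipaddress.ip_network(client["remote_net"]):
        problems.append("router local_net != client remote_net")
    # Assumption: the client's tunnel address sits outside both LANs, as
    # 192.168.100.2 does in the post, and the two LANs do not overlap.
    inner = ipaddress.ip_address(client["internal_ip"])
    nat_net = ipaddress.ip_network(nat_lan)
    if inner in vpn_net or inner in nat_net:
        problems.append("client internal_ip falls inside a LAN subnet")
    if vpn_net.overlaps(nat_net):
        problems.append("NAT LAN overlaps VPN LAN")
    return problems
```

The messages name only the fields that differ, so the pre-shared key itself is never printed.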
 | Thanks so much for that post!
I have one problem though:
xi. Click My Identity. xii. Click Pre-shared key and enter your preshared key. xiii. ID Type: Domain Name. In the box below, type the "remote ip sec identifier" you entered in 1iii above.
I have to have Select Certificate set to `None` in order to enter a preshared key. When I have it set to None, the ID Type dropdown only has 1 option in it, and that is: IP Address.. and when I click on that, it automatically fills in 192.168.1.100.. and I cannot edit this?
|
|
 | IT'S WORKING!! Thanks so much for your help and time.. I would be stuck days trying to get this accomplished.
Is there anything I should be aware of when setting up any other connections on the VPN? Like set a different Remote LAN IP address Start IP or anything like that?
Or can I just copy the exact config, and just change the Key?
Thanks again!! |
|
 | Ok.. interesting.
Everything seemed to be running perfectly. I went for about an hour to get something to eat for lunch.. came back, and my VPN connection is now very sporadic.
In the monitor it's connected, disconnecting and reconnecting works fine.. but try to transfer anything to the mapped drive and it looks like it starts, then it just stalls, and the mapping disconnects, or I get a Not Responding in the window then it disconnects (session still looks active)
Pinging to the remote server works great.. when I have to force an end task, it refreshes my Windows Explorer and taskbar.. and then the VPN Client disappears in the taskbar.. have to reboot to bring it back. And if the VPN client is missing in the taskbar, and I go through start->prog->vpn client-> monitor.. it shows the connection..
Logs don't show any problems.. rebooted several times.. very odd. |
|
 | reply to wolfiegrr Hi wolfie,
Don't suppose I could pester you for your config info you're using with this setup. I have the same one and am finding getting the prosoft client to talk to the FVS318 router to be quite unintuitive.
Thanks for any help. |
|