dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
533
share rss forum feed

denali

join:2014-08-31
Chattanooga, TN

Connecting ASUS RT-AC66R to Netgear SRXN3205

Howdy,

I'm a first time VPN user. I own an ASUS AC-RT66R at home.

At work, I have a Netgear SRXN3205. I have access to admin panels on both routers, but I'm not sure what information to provide. I can say that my ASUS says it has connected to the Netgear, but the Netgear doesn't see it and the ASUS can't seem to finish setting up the connection. I'm having knee surgery in October, so I'm hoping to get this done by then so I can work from home and not leave my 66 year old employer in the lurch during my convalescence.

Any help, suggestions and Gibbs smacks across the back of the head are appreciated.


BlueMist

join:2011-01-24
Cookeville, TN
Being a first timer I would suggest you set this up in two stages.

First would be to configure the Netgear box at the office and verifying you can VPN into it properly using just a PC that is not part of the office network. That means connect from home, coffee shop, or where ever, just not from another PC at work.

Here is a link that basically takes one by the hand and shows you how to do it.
Netgear's tutorial is using the SRX5308 model for the tutorial but they tend to use the same or similar menus on many of their models. I'd print it out and see how closely it matches your office router but it should be worth a try.

»kb.netgear.com/app/answers/detai···-routers

Only after you are happy with the way things work using the router to PC method would I proceed with configuring the Asus. Who knows you might not even need or want to use the Asus in VPN mode after making the above work as you would be able to take a laptop to anywhere you can get a decent wireless connection and do your office work and not be tied to using just your home router connection.

One thing I've run into trouble with on a few networks is if the "office" LAN network was configured to use say 192.168.1.xxx and the home network used the same 192.168.1.xxx range there may be conflicts. That is why I have set my home network for something like 192.168.8.xxx. The actual values really won't matter as long as the two ends of the VPN don't use the same IP range.

Should you still want to attempt to use the Asus you would leave the office machine as it is (provided you could get the PC to Office VPN to work). The office machine normally can not tell the difference between a PC connecting to it or another router using the correct VPN configuration.

If needed I can try to find a tutorial on hooking the Asus to a working PPTP VPN host (not the same as a OpenVPN host).

denali

join:2014-08-31
Chattanooga, TN
Hi BlueMist!

First, thank you for replying. I truly appreciate it.

I tried what you suggested. The instructions do not seem to be close. Also, the client software that I can get appears to need a license number. I've not been able to find one on the documentation we received with the router and when I went on Netgear's "App Market", I couldn't find a way to buy one.

Looking at the Netgear Admin Panel, it seems to only support IPSec and something called SSL VPN. My ASUS supports PPTP, L2TP and OpenVPN. I got the impression that L2TP and IPSec are the same thing, but I'm not really sure. Are they?

Reading your message, it appears I might need to change the IP range that my router issues to machines in the network. I can do that with no problems. Any other suggestions?

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to denali
Is your ASUS running some sort of alt firmware, because AFAIK, stock ASUS firmware doesn't do
any sort of VPN. So can you clarify that first, please?

My 00000010bits

Regards


BlueMist

join:2011-01-24
Cookeville, TN
reply to denali
I see now that the ProSafe software that Netgear is sold separately from the router itself.

From looking again at the user manual for the Netgear I hate to admit that it is not something I can setup over this forum. While I hate to admit it I think your best bet is to get with Netgear support and see if they have a vendor in your local area that can come out and set this up for you. Even that might be difficult since the Netgear box is listed as no longer being supported by them due to it's age.

Judging by your questions no one in the IT department is has any idea how to configure the box either.

One last question, does anyone at your company use that Netgear to VPN into the company network or is this just something left behind by the last IT people that installed stuff? If someone actually is using it you might be able to get with that person and see how their PC is setup to do it.

As for myself, if I had this box I would consider replacing the box with a more modern one that does not need proprietary software to make a VPN connection.

I'd have the box replaced with something like your Asus that supports the same 3 protocols and go from there. The L2TP is newer than PPTP and OpenVPN is used all over the place as well but it tends to be a little more difficult for the newbie to setup.

Sorry I'm just not up to the task of making this work for you and judging from how long your first request for help went unanswered I suspect there very few others are willing to take it on as well.

Hopefully someone who uses this model or one like it can assist you in your quest.
Good Luck

denali

join:2014-08-31
Chattanooga, TN
Technically, I am the IT department. While I understand basic networking, VPN is something I'm struggling to learn. Everything I've read seems more like art than science to me. I am the only person, thus far, who has even attempted to use VPN in the business.

Netgear support hasn't been very helpful. Neither has their forum. Frankly, this ASUS router is a hell of a lot nicer and was half the price. I've even managed to get my Android phone to hook up to it via VPN, which is why I decided to tackle this project in advance of my surgery.

Unfortunately, replacing the box is out of the question. My employer is retiring in about 3 years and since the router is working for the great most part, he's not inclined to shell out the money. I honestly can't say I blame him.

denali

join:2014-08-31
Chattanooga, TN
reply to HELLFIRE
I'm running stock rom. I tried posting a link to the specifications page, showing it does VPN, but for some reason it didn't post. I don't know if the post got screwed up or a moderator k.o.'d it.

denali

join:2014-08-31
Chattanooga, TN
reply to HELLFIRE
Please see:

»www.asus.com/Networking/RTAC66R/···cations/

Relevant section: "VPN Support"

denali

join:2014-08-31
Chattanooga, TN
Oh, now you show up... D'oh!

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to denali
Okay, thanks for sharing that. As BlueMist See Profile says, if you're looking for setup directions, your best bet
is hitting up ASUS' manual or support forum for step-by-step directions.

From what I gather, you want to set up what's called a "site-to-site-VPN" between your ASUS at your house
and the Netgear in the office, is that correct? If so, then you don't need to worry about additional software,
but you will need to find out where and how the actual options of that are set up -- my immediate thought
would be to use IPSec, as the "brand" of SSL VPN the Netgear uses may not be amenable to the OpenVPN that the
ASUS uses, even though the underlying technology's the same.

If you're using IPSec, you're going to have to match your phase 1 and phase 2 options and timers, and make sure
once all is said and done that the necessary inbound port(s) on the ASUS and Netgear is set up.

My 00000010bits

Regards


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to denali
Concur, your best bet is (since its an older Router?) is plain jane IPSEC.
»www.downloads.netgear.com/files/···2010.pdf

Lots of good info in that.

There may be other alternatives that meet your needs. Do you need to remote in to a PC for example^????

denali

join:2014-08-31
Chattanooga, TN
reply to HELLFIRE
The ASUS configuration mentions nothing about phases. Is IPsec and L2TP the same thing?

denali

join:2014-08-31
Chattanooga, TN
reply to Anav
No, I have absolutely no need to remote into the PC. I do, however, have a need to share drives and printers. I also have a need to SSH into a box that is not accessible from the Internet, but is accessible intranet.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to denali
said by denali:

Is IPsec and L2TP the same thing?

Yes and No... can you put up screenshots of the config options on both the ASUS and Netgear? Maybe we can walk you through that way.

said by denali:

I do, however, have a need to share drives and printers. I also have a need to SSH into a box that is not accessible from the Internet, but is accessible intranet.

That being the case, why are you not looking into a remote VPN connection thru the Netgear only, and involving the ASUS?
Put another way, here's your options as I see them :

your home computer -> your home LAN -> ASUS + S2S VPN -> VPN tunnel between ASUS and Netgear over "the internet" -> Netgear + S2S VPN -> office printers / resources / etc
 

-or-

your home computer -> your home LAN + VPN software -> ASUS -> "the internet" -> Netgear w/ remote access VPN config-> office printers / resources / etc
 

Both are workable... it just comes down to what you want / intend to do.

My 00000010bits

Regards

denali

join:2014-08-31
Chattanooga, TN
reply to denali
I'm curious. All of the printers, both in the house and in the office, will be available from both sides if I use a client on my computer to link to the office? The printers in question are all network (not USB or LPT) printers.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to denali
If you're running VPN software on a computer on your home LAN, and it's configured to do something called
"split tunneling," then yes, you could hit resources on your own LAN and the office LAN with ease.

If you want an office computer to be able to print to your home printer, then that's where you'd need to
do the site-to-site VPN.

Again, comes down to what exactly you want / intend to do, which we're still waiting for.

Regards