Ok, I'm about to pull my hair out getting this thing to work. My client wants a few of his employees to log in from home (a couple have cable, a couple dial-up) so they can do work. I've tried logging in from my home computer (which uses dial-up and is not on a network), but keep getting "message not received - retransmitting". Any and all help is much appreciated. Here is the business's LAN/WAN setup:

ADSL Modem Router (SBC Yahoo)
|
Netgear FVS318 Router (using DHCP) LAN IP: 192.168.0.1 WAN IP: 69.215.xxx.xxx
|
D-Link 24-Port Switch
|
13 Computers
PCs obtain IP address automatically

I've spoken with our ISP and we set the Cayman 3500 Series to use a public IP (69.215.xxx.xxx), disabled DHCP and NAT. Basically just using it as a Pass-Through to the Netgear router.

The FVS318 "VPN Settings" are as follows: (all names are for example only)
-----------------------------------------
Connection Name: MyCompany
Local IPSec: Firewall
Remote IPSec: RemotePC
Tunnel can be accessed: a subnet of local addresses
LAN Start IP: 192.168.0.0
LAN Finish IP: 0.0.0.0
Subnet: 255.255.255.0
Tunnel can access: a single remote address (this is where I'm confused about what to put)
Remote LAN Start IP: 192.168.100.1
Remote LAN Finish IP: 0.0.0.0
Subnet: 0.0.0.0
Remote WAN IP: 0.0.0.0

SA: Aggressive Mode
Perfect Forward Secrecy: enabled
Encryption: 3DES
Key Group: Diffie-Hellman Group 2
Preshared Key: *********
Key Life: 28800
IKE Life Time: 86400
NETBIOS: enabled

VPN Client (Netgear ProSafe v.10.1)
-----------------------------------
Secure Remote Party ID: IP Subnet
Subnet: 192.168.0.2
Mask: 255.255.255.0
Protocol: All
Connect Using: Secure Gateway Tunnel
ID Type: Any
Gateway IP Address: 69.215.xxx.xxx

My Identity
Pre-Shared Key: xxxxxxxxx (Same as FVS318 Router)
ID Type: Domain Name = MyCompany (Connection Name from FVS318)
Virtual Adapter: Disabled
Internal Network IP Address: 192.168.100.1
Internal Interface Name: Any
IP Address: Any

Security Policy: Aggressive Mode
Enable PFS: Yes
PFS Key Group: Diffie-Hellman Group 2
Enable Replay Detection: Yes

Authentication Phase 1 - Proposal 1
Authentication Method: Pre-Shared Key
Encryption Algorithm: 3DES
Hash Alg: MD5
SA Life: Unspecified
Key Group: Diffie-Hellman Group 2

Key Exchange Phase 2 - Proposal 1
SA Life: Unspecified
Compression: None

ESP Encryption Method: 3DES
Hash Alg: MD5
Encapsulation: Tunnel
Authentication Protocol: No

Option > Global Policy Settings:
Retransmit Interval: 45
Number of retries: 3
Send status notification to peer hosts: yes
Allow to specify internal Network Address: yes
Enable IPSec logging: yes
Smart card removal clears keys: no

Also, could my home ISP (bluelight.com) possibly not allow VPN access through their system? Or is my setup not correct somewhere in the hardware? I don't have any port forwarding set up on the FVS318 - does this have to be done? Thank you for any and all help concerning this.

Sincerely,
Patrick Whitson