Questions about IPSec Identifier

Hi:

I'm attempting to set up a VPN connection between a work network and my home network (or client computer on my home network). (Eventually hope to expand this for use of about 6 or 7 clients.) On the work side there's a Netgear FVS318 router. On the home side a computer is running Netgear's client software under Windows XP-Pro, which ought to make things easy, but doesn't seem to. There's also a Belkin wireless router on the home site, with VPN pass-through.

It's not clear to me what I need to put in the IPSec Identifier sections of the Netgear router at work. I gather that the remote identifier (in the Netgear router at work) needs to be the LAN address of the computer that's running the Netgear Client software, but what is the local identifier at work? Why is it that when I use the "wizard" to set up the network on the router it leaves the local IPSec identifier as 0.0.0.0? Am I supposed to change that to the address assigned to the router (typically, something like 192.168.0.1) or should it be set to the WAN address, or just left 0.0.0.0? Also, does it make a difference whether I set this up from the office or home network? I'm kind of inferring that since the software at home is called a "client" that the communication parameters will be established by the Netgear router, but I'm a little puzzled about that. Does the distinction between client and (server?) really matter in this case?

I should add that I'd also like to set up a connection with my MacBook at home, but does that need to be a completely separate connection in the work router, since it will have a different identifier? If I want to set things up so I can connect using my MacBook from any location am I supposed to use the MAC address as the remote identifier? If not, how do you set up such a "wandering" VPN connection?

This stuff just seems far more inscrutable than it has to be. If the "identifier" has to be a dot4 address, why don't they just say that? If it can be a MAC address why don't they tell me? If it's really supposed to be unique (not mentioned anywhere else in the VPN definition) can it just be any random name?

In general I think that whatever the local and remote identifiers are at the initiation (server?) site those have to be reversed for the client at my home site (or my wandering MacBook). Is that right?

Freewheeling
