VPN setup question for XP.

Hi:

I'm attempting to set up a VPN for about 6 remote users connected through a Netgear FVS318. I've set up the VPN filters according to the information on this Netgear Support Page (using [link] so it doesn't wrap): [link], but I'm not sure how to use the filters set up as part of a completed VPN connection. It appears they've left that critical part out of the directions. (I do have a router on my end. It's a Belkin N1. The WAN set on the Belkin isn't the internet IP though. It's something that starts with 192.168 so it's local, and the connection uses a Windows gateway. Maybe that's complicating things.)

Clearly I can't use the VPN wizard to do it, because I've tried that, so there must be some manual rigmarole. The filters assume static addresses, and I generally have dynamic, but wanted to at least see if I can establish a network before dealing with that nicety. The IP addresses don't change, whether they're local or wide. BTW, I have set up a successful Remote Desktop connection passing through this router, so it is possible to set up a two-way connection.

The following log file is the sequence the router runs through about half a dozen times before giving up on the VPN, when I attempt to use a generic VPN connection set up by Microsoft's wizard. (Yes, I did specify an IPSec shared key). It basically gets stuck to the Oakley Transform, though I don't know what "invalid value 14" means.

-----start log here-----
Sat, 08/19/2006 13:07:32 - FVS318 IPsec:Receive Packet address:0x1397554 from ***.***.***.***
Sat, 08/19/2006 13:07:32 - FVS318 IKE:Peer Initialized IKE Main Mode
Sat, 08/19/2006 13:07:32 - FVS318 IKE:[VPNCON2] RX

Reply to
Freewheeling

I'll assume XP throughout.

Do you mean the FVS318 configured as the VPN device, talking to your local network using XP vpn server capabilities locally, or are you just using the FVS318 as a router/firewall for this connection, and using the built-in vpn capabilities of XP as client and server on each side?

The former may not work, the latter certainly will. In any case...

You have set up a target box on the lan for VPN, yes? This will be needed, since you're not running another FVS318 or equivalent on your end (in that case, they could just 'talk' directly to each other by setting up the appropriate VPN parameters.)

If not, go to network connections on the target, select the 'create a new connection' task, next; setup advanced...; accept incoming...; allow vpn...; edit users as needed; edit networking s/w if needed; finish.

You should now have an 'incoming connections' icon in your network connections.

You'll need to set the router on your end to send vpn traffic to the target. Not sure if the g/w system will get in the way, I've never used vpn on xp that way - is there a reason you don't just connect the router directly to the ISP modem?

Both sides need to be using the same vpn method, e.g., ppp, l2tp...

Since manufacturers interpret the VPN specs differently in some cases, this may not fly if you're trying to let the FVS318 act as the client, ymmv.

Good luck

R

Reply to
heycarnut

heycarnut wrote:

Well, it may not be the set choice but at the moment I was just going to tunnel to the router and see if the network server picked up the new connection. Not that I know what I'm doing, mind you.

I think the company uses the Win2000 server, or maybe Win2003.

If I want to set this up for multiple users I should probably do this on the server, right?

I thought it was. On both ends.

Alright.

There's supposedly a software client for the Netgear stuff. I should probably try that. Since most of the users' home systems will differ quite a bit that might be the only way to go. Trouble is, the disk with the client software seems to have been misplaced. Ugh.

Reply to
Freewheeling

I think the FVS318 can handle up to 8 simultaneous connections, which is enough for our small staff. On the other side I can't imagine that they'll need more than 1 connection per employee.

Reply to
Freewheeling

windows xp(192.168.1.5)-----(192.168.1.2)Windows Server 2003 RRAS----Sprint DSL Modem/Router

VPN server configured to allow IPSec over TCP with NAT/PAT/NAT-T. Client transparent tunnelling IPSec over TCP.

Connected to VPN server with split tunneling. ping, tracert and ssh traffic to corporate is successful. But no web traffic (http, https, imap/ssl) to corporate traffic. There is no service filtering on VPN concentrator. Windows xp is not using any proxy server. Windows server 2003 is told by sysadm as passing all traffic.

Any suggestion on what can go wrong?

Reply to
heycarnut

I must be missing something. Wouldn't that be $800 for 8 additional routers, or are you talking about something else? Would it be less expensive to let the users use their own equipment and just spend $50 for Netgear's client software? I'm strongly leaning in that direction, leaving Windows VPN stuff out of the picture. People from home would have access to the shared drives, or they could Remote Desktop directly to their own boxes at work.

Is there something I missed? Maybe this is silly, for some reason not obvious to me? Anyway, I guess your observation sort of rules out using Windows solutions. Thanks.

Reply to
Freewheeling

I assumed the 8 users were in one remote office, but it appears you meant they were dispersed. Yes, the cheapest, and likely easiest solution in that case is to use the netgear vpn client s/w on each of the remote user machines.

Good luck,

r
Reply to
heycarnut
