Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Creating a VPN with a FVS318G


  • Please log in to reply
9 replies to this topic

#1 iMack

iMack

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 10 December 2013 - 02:37 AM

This should be so easy! I'm trying to establish a VPN between two sites. I have all the internal and public IP addresses, pre-shared key for both sites. But while I can get some internet traffic passing through the filewall the VPN tunnel refuses to be created.

Do the local IP settings have to be on the same subnet?

 

Should these settings

 

Local LAN ip is 10.0.0.200

Remote LAN ip is 192.168.1.2

 

be chaged to

 

Local LAN IP : 192.168.10.1

Remote LAN IP: 192.168.1.2

 

Any tips of hints (apart from change firewall brands) would be very welcome as hitting my head against the wall is starting to hurt!

 



BC AdBot (Login to Remove)

 


#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:12:29 AM

Posted 11 December 2013 - 02:08 AM

1. Do you have static WAN Ip addresses? 2. are you connecting with 2 Firewalls or 1 Firewall and 1 software client. 

FVS318G
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#3 iMack

iMack
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 11 December 2013 - 06:55 PM

I have 2 Fixed IP's and 2 x firewalls.

I've done this before with no problems but this time its just not working!



#4 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:12:29 AM

Posted 11 December 2013 - 07:26 PM

"Local LAN ip is 10.0.0.200", Is that the inside address of the Firewall or the network adress? At what point does the VPN fail, does the tunnel ever get created? Any issues with authentication or just with routing (the two firewalls connect but you cant send any traffic)?


Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#5 iMack

iMack
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 12 December 2013 - 02:04 AM

Hello Sneakycyber,

Thanks for your help.

 

The Firewall's IP address on the local network is 192.168.5.1.

The modem is 192.168.1.254

The VPN doesn't get created at all as the verifications (Phase 1 and Phase 2) both fail due to time outs.



#6 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:12:29 AM

Posted 23 December 2013 - 05:34 PM

Sorry for the delay, been busy with work. Both of the The Firewall's need to have a Public IP reacheable from the Internet on the outside WAN interface (not absolute but VERY dificult without) the subnet 192.168.x.x is not a public IP your ISP modem is providing NAT and its likely stopping your VPN connection.

  1. Do you have static WAN IP's at both locations
  2. Are you able to put the ISP "Modems" in Bridge mode (or what are the model numbers of the Modems)
  3. Do you have the reference manual for your Hardware  If not please download it from the link provided. I will referr to page numbers to save typing. 

Edited by Sneakycyber, 23 December 2013 - 05:35 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#7 iMack

iMack
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 23 December 2013 - 05:50 PM

Hi Sneakycyber, no problems about the delay, its given me time to research VPN's. I think you have the answer with putting the modem into Bridge mode. I tried it with another VPN setup and it worked as it should.

 

I've read the manual for the unit so many times I could almost quote parts of it however, i don't remember any mention in there of setting the modem to bridge mode - a small but critical step in getting it to work.

 

Thanks for your time and help. I think we can close this thread as successfully answered.

 

Regards,

iMack



#8 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:12:29 AM

Posted 23 December 2013 - 07:29 PM

The manual with the Netgear won't tell you how to bridge your ISP's modem you will have to contact them or look up the information online  :mellow: Without reading the manual completely it might have mentioned static WAN IP or being able to access the Firewall from outside your network. 


Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#9 iMack

iMack
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 24 December 2013 - 03:43 AM

I didn't expect the Netgear manual to tell me how to configure the modem to act as a bridge. I thought there may have been a note or reference to say " ... set your modem to bridge mode".
The Quick Start instructions just say to unplug the cable joining the modem to the computer, plug that cable into the firewall. Get the cable that came with the unit and join the unit to the computer.
That's what caused my brain meltdown - I followed what the instructions said and couldn't get the thing to work.

Merry Christmas

#10 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:12:29 AM

Posted 24 December 2013 - 04:06 AM

If I remember correctly from my Cisco text and from reading your owners guide (not the easy startup guide) it doesn't say specifically to bridge your modem but assumes your connecting to a "modem" not a router. A router will provide NAT/PAT where a modem generally does not (unless it has a built in router). It can also be confusing when the ISP referrs to it as a "Gateway" Confusing to say the least, glad you got it solved!

Edited by Sneakycyber, 24 December 2013 - 04:06 AM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users