Setting up a VPN connection

alpha12903 · Jan 18, 2014

Hi,

This is what I'm trying to do

Central Office Network <---> FVS318 <---> (Firewall that does not support VPN) <--VPN--> Internet <--VPN--> FVS318 <---> Secondary Office Network

I have a 2 Netgear FVS318's to setup a VPN for some IP Phones at a remote location. Since this firewall has a like 12mbps throughput we can't use a FVS318 as our primary firewall, as we get 60mbps down.

If I used this as our primary firewall, then it would be a piece of cake to setup, but now I'm not sure if I can setup this firewall (FVS318) to be a VPN server if it is plugged into our main firewall at the central office.

I could connect the FVS318 to the main firewall and then setup a DMZ to the FVS318 at the central office, but I'm not sure what to do beyond that.

Basically what I'm asking is if I can just have a FVS318 run under an existing firewall just as a VPN server, not a firewall or router, and if yes, how would it be done?

This is my first time setting up a VPN so please do let me know if I left something out.

Thanks for the help,
Sam

bill001g · Jan 18, 2014

I suspect you are going to have some issues. First you are going to need another router between the office network and the netgear. I am assuming you have some traffic that is to go to the internet and some that is to go to vpn to get to the other office. If the netgear is a bottleneck you need another device that will send only the traffic destined for the remote office to the netgear and send the rest to the firewall.

DMZ will do you little good unless you can map a dedicated ip address to the netgear firewall. IPSEC really doesn't like NAT and you cannot map PROTOCOL 50 since it is not a port. So you must run NATT and your main firewall must support it.

alpha12903 · Jan 18, 2014

bill001g :

What if I setup a Windows Server machine to be the VPN server, port forward whatever's needed to that machine, and then use the FV318's at the remote location to connect to the server?

Would that work?

bill001g · Jan 18, 2014

That will solve your routing issue from the main site if you only have a single machine but ipsec is ipsec you will have to run natt to get it to work. You can not port forward a protocol

alpha12903 · Jan 18, 2014

bill001g :

"Single Machine"- as in computers on that network? We have like 20 computers if that's what you're saying, so that wouldn't work.

If I get a new firewall that supports VPN and the high throughput we need, such as this Cisco one http://www.newegg.com/Product/Product.aspx?Item=N82E16833150141 or http://www.newegg.com/Product/Product.aspx?Item=N82E16833122446 , would the FVS318 (VPN client at remote site) be able to connect to the main firewall ok? It is two different models/brands...

Search

Setting up a VPN connection

alpha12903

Distinguished

bill001g

Titan

alpha12903

Distinguished

bill001g

Titan

alpha12903

Distinguished

TRENDING THREADS

Latest posts

Moderators online

Share this page