Sign in with
Sign up | Sign in
Your question

Accessing FVM318 from behind NAT

Last response: in Networking
Share
June 21, 2004 11:44:48 AM

Archived from groups: comp.dcom.vpn (More info?)

I have set up a VPN using a Netgear FVM318 and the Netgear Prosafe VPN
client. When I use a dial up connection on the client I can access the
network via the VPN. In order to access anything on the network via computer
name or mapped drive I had to add an entry to the host file on the client
machine (matching an IP to a computer name). Not the ideal way to do it but
it works.

My real problem seems to be when the client is behind a NAT router. I can
establish a VPN connection; hower, I can not ping or access anything on the
network. I looked in the client logs and have this:

6-21: 07:29:59.668
6-21: 07:29:59.668 My Connections\FVS318 - Attempting to resolve Hostname
(seafarer.dnsalias.net)
6-21: 07:29:59.698 My Connections\FVS318 - Initiating IKE Phase 1
(Hostname=seafarer.dnsalias.net) (IP ADDR=68.52.170.145)
6-21: 07:30:00.720 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG (SA,
KE, NON, ID, VID 5x)
6-21: 07:30:03.724 My Connections\FVS318 - RECEIVED<<< ISAKMP OAK AG (SA,
KE, NON, ID, HASH)
6-21: 07:30:05.146 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
*(HASH, NOTIFY:STATUS_INITIAL_CONTACT)
6-21: 07:30:05.146 My Connections\FVS318 - Established IKE SA
6-21: 07:30:05.146 MY COOKIE e8 af 92 9c 3c 18 fa d9
6-21: 07:30:05.146 HIS COOKIE 4d fa a7 5e 53 3a be 4f
6-21: 07:30:06.808 My Connections\FVS318 - Initiating IKE Phase 2 with
Client IDs (message id: 557690FC)
6-21: 07:30:06.808 Initiator = IP ADDR=192.168.1.7, prot = 0 port = 0
6-21: 07:30:06.808 Responder = IP SUBNET/MASK=192.168.0.0/255.255.255.0,
prot = 0 port = 0
6-21: 07:30:06.808 My Connections\FVS318 - SENDING>>>> ISAKMP OAK QM
*(HASH, SA, NON, KE, ID 2x)
6-21: 07:30:09.883 My Connections\FVS318 - RECEIVED<<< ISAKMP OAK QM
*(HASH, SA, NON, KE, ID 2x)
6-21: 07:30:09.883 My Connections\FVS318 - Filter entry 4: SECURE
192.168.001.007&255.255.255.255 192.168.000.000&255.255.255.000
DNS.DNS.DNS.DNS added.
6-21: 07:30:09.883 My Connections\FVS318 - SENDING>>>> ISAKMP OAK QM
*(HASH)
6-21: 07:30:10.033 My Connections\FVS318 - Loading IPSec SA (Message ID =
557690FC OUTBOUND SPI = E3248B65 INBOUND SPI = 214CFDC0)
6-21: 07:30:10.033
6-21: 07:30:44.493 Inbound packet failed validation: 192.168.0.103 ->
66.15.92.28
6-21: 07:30:51.943 Inbound packet failed validation: 192.168.0.103 ->
66.15.92.28

I am a bit confused by the last two lines regarding the 'failed validation'.
They seem to come at random, the only IP I tried to ping before that message
was 192.168.0.1 (the router). Sometimes I will get a 'failed validation'
regarding another computer on my network; but again, it seems to be at
random. The subnet that the client is on is 192.168.1.0 and the VPN is on
192.168.0.0.

Any ideas are appreciated, thanks.

Todd

More about : accessing fvm318 nat

June 22, 2004 8:50:43 PM

Archived from groups: comp.dcom.vpn (More info?)

leupi:

It's probably not a good idea to give out every scrap of information
about your VPN config when you include your external IP addresses. You
might want to XX out some of the octets when posting in the future.

Have you checked to see whether IPSEC passthrough is operating
properly on the NAT router? You said you can connect, but get the
failed validation. That could be a passthrough issue.

If that doesn't work, it could be that your NAT router is using an MTU
setting that is too high.

See here:

http://www.broadbandreports.com/faq/7752


Brad






On Mon, 21 Jun 2004 07:44:48 -0400, "Todd" <leupi@comcast.net> wrote:

>I have set up a VPN using a Netgear FVM318 and the Netgear Prosafe VPN
>client. When I use a dial up connection on the client I can access the
>network via the VPN. In order to access anything on the network via computer
>name or mapped drive I had to add an entry to the host file on the client
>machine (matching an IP to a computer name). Not the ideal way to do it but
>it works.
>
>My real problem seems to be when the client is behind a NAT router. I can
>establish a VPN connection; hower, I can not ping or access anything on the
>network. I looked in the client logs and have this:
>
> 6-21: 07:29:59.668
> 6-21: 07:29:59.668 My Connections\FVS318 - Attempting to resolve Hostname
>(seafarer.dnsalias.net)
> 6-21: 07:29:59.698 My Connections\FVS318 - Initiating IKE Phase 1
>(Hostname=seafarer.dnsalias.net) (IP ADDR=68.52.170.145)
> 6-21: 07:30:00.720 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG (SA,
>KE, NON, ID, VID 5x)
> 6-21: 07:30:03.724 My Connections\FVS318 - RECEIVED<<< ISAKMP OAK AG (SA,
>KE, NON, ID, HASH)
> 6-21: 07:30:05.146 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
>*(HASH, NOTIFY:STATUS_INITIAL_CONTACT)
> 6-21: 07:30:05.146 My Connections\FVS318 - Established IKE SA
> 6-21: 07:30:05.146 MY COOKIE e8 af 92 9c 3c 18 fa d9
> 6-21: 07:30:05.146 HIS COOKIE 4d fa a7 5e 53 3a be 4f
> 6-21: 07:30:06.808 My Connections\FVS318 - Initiating IKE Phase 2 with
>Client IDs (message id: 557690FC)
> 6-21: 07:30:06.808 Initiator = IP ADDR=192.168.1.7, prot = 0 port = 0
> 6-21: 07:30:06.808 Responder = IP SUBNET/MASK=192.168.0.0/255.255.255.0,
>prot = 0 port = 0
> 6-21: 07:30:06.808 My Connections\FVS318 - SENDING>>>> ISAKMP OAK QM
>*(HASH, SA, NON, KE, ID 2x)
> 6-21: 07:30:09.883 My Connections\FVS318 - RECEIVED<<< ISAKMP OAK QM
>*(HASH, SA, NON, KE, ID 2x)
> 6-21: 07:30:09.883 My Connections\FVS318 - Filter entry 4: SECURE
>192.168.001.007&255.255.255.255 192.168.000.000&255.255.255.000
>DNS.DNS.DNS.DNS added.
> 6-21: 07:30:09.883 My Connections\FVS318 - SENDING>>>> ISAKMP OAK QM
>*(HASH)
> 6-21: 07:30:10.033 My Connections\FVS318 - Loading IPSec SA (Message ID =
>557690FC OUTBOUND SPI = E3248B65 INBOUND SPI = 214CFDC0)
> 6-21: 07:30:10.033
> 6-21: 07:30:44.493 Inbound packet failed validation: 192.168.0.103 ->
>66.15.92.28
> 6-21: 07:30:51.943 Inbound packet failed validation: 192.168.0.103 ->
>66.15.92.28
>
>I am a bit confused by the last two lines regarding the 'failed validation'.
>They seem to come at random, the only IP I tried to ping before that message
>was 192.168.0.1 (the router). Sometimes I will get a 'failed validation'
>regarding another computer on my network; but again, it seems to be at
>random. The subnet that the client is on is 192.168.1.0 and the VPN is on
>192.168.0.0.
>
>Any ideas are appreciated, thanks.
>
>Todd
>
!