Help! Roaming VPN Clients

Archived from groups: comp.dcom.vpn (More info?)

I have a small sales force that roams the country and needs to establish
frequent VPN connections.

My problem is connecting my clients from many unknown WiFi hot spots around
the country.

If I know the IP addresses at both ends I can establish a VPN connection
with our FVS318 using the Prosafe VPN clients. Problem is, my roaming client
IPs are always changing.

So how can I configure my Netgear router end (w/static IP) to accept the
Prosafe clients from any hot spot around the country?

Thanks,

Max
  1.

    Max,

    This is not a problem at all. I don't have a Windows client in front
    of me at the moment but I can tell you that you can configure an IP
    address in the client settings. On your server simply create a client
    connection policy that specifies a single address which may be
    accessed. In the client settings (wish I could be more specific right
    now) you can set an optional IP address for the client to use in its
    connection. I do this for my users on wintel platforms. It works like
    a charm and several clients can connect with the same settings
    simultaneously (depending on the router you have). Hope this helps.
    You will just have to look around. Check out the documentation on the
    router's reference CD for sample setups.

    David
  2.

    "David" <darkjedimaster@gmail.com> wrote in message:

    > accessed. In the client settings (wish I could be more specific right
    > now) you can set an optional IP address for the client to use in its
    > connection. I do this for my users on wintel platforms. It works like
    > a charm and several clients can connect with the same settings
    > simultaneously (depending on the router you have). Hope this helps.
    > You will just have to look around. Check out the documentation on the
    > router's reference cd for sample setups.

    I think I understand what you're saying. AKA a virtual IP. Right?

    Except the ProSafe client (as far as I can tell) doesn't allow for virtual
    IP.

    IPSec requires that a local IP be specified behind a NAT router. If a
    virtual IP *does* work as you say, then I must have purchased the
    wrong client for the job. Perhaps I'll try the Greenbow client...

    Thanks for your help.

    -Max
  3.

    Hi David. I keyed in your example. Here is the log:

    2-22: 14:34:03.578
    2-22: 14:34:03.578 My Connections\FVS318 - Attempting to resolve Hostname
    (MaxClient)
    2-22: 14:34:05.828 My Connections\FVS318 - Unable to resolve Hostname to
    address (MaxClient)
    2-22: 14:34:05.828 My Connections\FVS318 - Peer address determination
    failed.
    2-22: 14:34:05.828 My Connections\FVS318 - Error initiating connection.

    I double and triple checked everything you listed... everything is as you
    specified (or 99.9% anyway).

    However, I am a bit confused with your example. Shouldn't I be using FQDN to
    resolve the public IP? Your example had "0.0.0.0" for the WAN IP (just when
    I thought I understood what was going on. ;o))

    Remember, my remote clients will usually be behind many different NAT
    routers that use DHCP. Netgear's Wizard said that I MUST USE the IP address
    of the local PC behind the router (e.g.: in my recent test above this
    happened to be 192.168.1.4 not "10.0.5.2" as in your example).

    Thanks David, I appreciate your time and effort to try and help me. But
    either I missed something in the .1% of your example, or I have not done a
    good job of explaining my problem.

    -Max
  4.

    Hi David. Sorry, I did make a typo in *my* host IP address. Once I corrected
    this, then I did not get the previous error. Now I just keep getting:

    2-22: 15:35:45.127
    2-22: 15:35:45.127 My Connections\FVS318 - Initiating IKE Phase 1 (IP
    ADDR=63.24.102.7)
    2-22: 15:35:45.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG (SA,
    KE, NON, ID, VID 5x)
    2-22: 15:35:55.331 My Connections\FVS318 - message not received!
    Retransmitting!
    2-22: 15:35:55.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
    (Retransmission)
    2-22: 15:36:05.331 My Connections\FVS318 - message not received!
    Retransmitting!
    2-22: 15:36:05.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
    (Retransmission)
    2-22: 15:36:15.331 My Connections\FVS318 - message not received!
    Retransmitting!
    2-22: 15:36:15.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
    (Retransmission)

    -Max
  5.

    Max,

    Glad to help out. It took me a while to get it working myself.
    Hopefully it helps someone else too. I will enjoy my virtual Guinness.

    :{)> David
  6.

    Maybe you could help me too.

    I am trying to establish a VPN tunnel using the Netgear FVS318 and
    Netgear VPN Client. It works perfectly if I use dialup or connect my
    laptop to my DSL modem (bypassing my NAT router).
    If I try to go through my NAT router, phase 2 of the IKE exchange times out
    - no response - I think my NAT router is blocking the response, but I
    can't figure out why or how to troubleshoot this.
    Can you shed some light?

    mark
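
The two client log excerpts posted in replies 3 and 4 stop at different stages: one before any packet is sent, the other with the first IKE Phase 1 message unanswered. The script below is an added example (not code from any poster or from Netgear) that rejoins the wrapped log lines and reports which stage was reached; the stage names are this example's own labels, and it matches only strings that appear in the posted logs.

```python
import re
from datetime import datetime

# Excerpts of the client log posted in this thread, line wraps kept as posted.
RESOLVE_LOG = r"""
2-22: 14:34:05.828 My Connections\FVS318 - Unable to resolve Hostname to
address (MaxClient)
"""
PHASE1_LOG = r"""
2-22: 15:35:45.127 My Connections\FVS318 - Initiating IKE Phase 1 (IP
ADDR=63.24.102.7)
2-22: 15:35:45.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG (SA,
KE, NON, ID, VID 5x)
2-22: 15:35:55.331 My Connections\FVS318 - message not received!
Retransmitting!
2-22: 15:36:05.331 My Connections\FVS318 - message not received!
Retransmitting!
2-22: 15:36:15.331 My Connections\FVS318 - message not received!
Retransmitting!
"""
STAMP = re.compile(r"^\s*\d+-\d+: (\d+:\d+:\d+\.\d+)\s*(.*)$")

def parse(text):
    """Return [(time, message)]: rejoin wrapped lines, drop the connection-name prefix."""
    events = []
    for raw in text.splitlines():
        m = STAMP.match(raw)
        if m:
            events.append([datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)])
        elif raw.strip() and events:
            events[-1][1] += " " + raw.strip()
    return [(t, body.split(" - ", 1)[1]) for t, body in events if " - " in body]

def triage(text):
    """Report where the attempt stopped; stage names are this example's own labels."""
    out = {"stage": "unknown", "peer": None, "retransmits": 0, "waited_s": 0.0}
    start = None
    for ts, msg in parse(text):
        m = re.search(r"Initiating IKE Phase 1 \(IP ADDR=([\d.]+)\)", msg)
        if "Unable to resolve Hostname" in msg:
            out.update(stage="name-resolution", peer=msg.rsplit("(", 1)[-1].rstrip(")"))
        elif m:
            out.update(stage="phase1-sent", peer=m.group(1))
            start = ts
        elif start is not None and "message not received" in msg:
            # The first Phase 1 message went unanswered, so the client resent it.
            out.update(stage="phase1-no-reply", retransmits=out["retransmits"] + 1)
            out["waited_s"] = (ts - start).total_seconds()
    return out
```

Call `triage()` on a saved client log: `name-resolution` means nothing was sent, while `phase1-no-reply` means the first IKE message (sent to UDP port 500) was never answered during the window reported in `waited_s`.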