Help! Roaming VPN Clients

Max

Distinguished
Jun 24, 2003
479
0
18,780
Archived from groups: comp.dcom.vpn (More info?)

I have a small sales force that roams the country and needs to establish
frequent VPN connections.

My problem is connecting my clients from many unknown WiFi hot spots around
the country.

If I know the IP addresses at both ends I can establish a VPN connection
with our FVS318 using the Prosafe VPN clients. Problem is, my roaming client
IPs are always changing.

So how can I configure my netgear router end (w/static IP) to accept the
Prosafe clients from any hot spot around the country?

Thanks,

Max
 

David

Distinguished
Apr 1, 2004
2,039
0
19,780
Archived from groups: comp.dcom.vpn (More info?)

Max,

This is not a problem at all. I don't have a windows client in front
of me at the moment but I can tell you that you can configure an ip
address in the client settings. On your server simply create a client
connection policy that specifies a single address which may be
accessed. In the client settings (wish I could be more specific right
now) you can set an optional IP address for the client to use in its
connection. I do this for my users on wintel platforms. It works like
a charm and serveral clients can connect with the same settings
simultaneously (depending on the router you have). Hope this helps.
You will just have to look around. Check out the documentation on the
router's reference cd for sample setups.

David
 

Max

Distinguished
Jun 24, 2003
479
0
18,780
Archived from groups: comp.dcom.vpn (More info?)

"David" <darkjedimaster@gmail.com> wrote in message:

> accessed. In the client settings (wish I could be more specific right
> now) you can set an optional IP address for the client to use in its
> connection. I do this for my users on wintel platforms. It works like
> a charm and serveral clients can connect with the same settings
> simultaneously (depending on the router you have). Hope this helps.
> You will just have to look around. Check out the documentation on the
> router's reference cd for sample setups.

I think I understand what you're saying. AKA a virtual IP. Right?

Except the ProSafe client (as far as I can tell) doesn't allow for virtual
IP.

IPSec requires that a local IP be specified behind a NAT router. If a
virtual IP *does* work as you say, then I must have purchased the
wrong client for the job. Perhaps I'll try the Greenbow client...

Thanks for your help.

-Max
 

Max

Distinguished
Jun 24, 2003
479
0
18,780
Archived from groups: comp.dcom.vpn (More info?)

Hi David. I keyed in your example. Here is the log:

2-22: 14:34:03.578
2-22: 14:34:03.578 My Connections\FVS318 - Attempting to resolve Hostname
(MaxClient)
2-22: 14:34:05.828 My Connections\FVS318 - Unable to resolve Hostname to
address (MaxClient)
2-22: 14:34:05.828 My Connections\FVS318 - Peer address determination
failed.
2-22: 14:34:05.828 My Connections\FVS318 - Error initiating connection.

I double and triple checked everything you listed....everything is as you
specified (or 99.9% anyway).

However, I am a bit confused with your example. Shouldn't I be using FQDN to
resolve the public IP? Your example had "0.0.0.0" for the WAN IP (just when
I thought I understood what was going on. ;o))

Remember, my remote clients will usually be behind many different NAT
routers that use DHCP. Netgear's Wizard said that I MUST USE the IP address
of the local PC behind the router (e.g.: in my recent test above this
happened to be 192.168.1.4 not "10.0.5.2" as in your example).

Thanks David, I appreciate your time and effort to try and help me. But
either I missed something in the .1% of your example, or I have not done a
good job of explaining my problem.

-Max
 

Max

Distinguished
Jun 24, 2003
479
0
18,780
Archived from groups: comp.dcom.vpn (More info?)

Hi David. Sorry, I did make a typo in *my* host IP address. Once I corrected
this, then I did not get the previous error. Now I just keep getting :

2-22: 15:35:45.127
2-22: 15:35:45.127 My Connections\FVS318 - Initiating IKE Phase 1 (IP
ADDR=63.24.102.7)
2-22: 15:35:45.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG (SA,
KE, NON, ID, VID 5x)
2-22: 15:35:55.331 My Connections\FVS318 - message not received!
Retransmitting!
2-22: 15:35:55.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
(Retransmission)
2-22: 15:36:05.331 My Connections\FVS318 - message not received!
Retransmitting!
2-22: 15:36:05.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
(Retransmission)
2-22: 15:36:15.331 My Connections\FVS318 - message not received!
Retransmitting!
2-22: 15:36:15.331 My Connections\FVS318 - SENDING>>>> ISAKMP OAK AG
(Retransmission)

-Max
 

David

Distinguished
Apr 1, 2004
2,039
0
19,780
Archived from groups: comp.dcom.vpn (More info?)

Max,

Glad to help out. It took me awhile to get it working myself.
Hopefully it helps someone else too. I will enjoy my virtual Guiness..

:{)> David
 
G

Guest

Guest
Archived from groups: comp.dcom.vpn (More info?)

maybe you could help me too

I am trying to establish a VPN tunnel using the Netgear FVS318 and
Netgear VPN Client. It works perfectly if i use dialup or connect my
laptop to my DSL modem (bypassing my NAT router).
If i try to go thru my NAT router phase 2 of the IKE exchange times out
- no response - i think my NAT router is blocking the response, but i
can't figure out why or how to troubleshoot this.
Can you shed some light?

mark