Ok, I'm about to pull my hair out getting this thing to work. My client
wants a few of his employees to log in from home (a couple have cable, a
couple dial-up) so they can do work. I've tried logging in from my home
computer (which uses dial-up and is not on a network), but keep getting
"message not received - retransmitting". Any and all help is much
appreciated. Here is the business's LAN/WAN setup:
ADSL Modem Router (SBC Yahoo)
|
Netgear FVS318 Router (using DHCP)
LAN IP: 192.168.0.1
WAN IP: 69.215.xxx.xxx
|
D-Link 24-Port Switch
|
13 Computers (PCs)
Obtain IP address automatically
I've spoken with our ISP and we set the Cayman 3500 Series to use a
public IP (69.215.xxx.xxx), disabled DHCP and NAT. Basically just using
it as a Pass-Through to the Netgear router.
The FVS318 "VPN Settings" are as follows:
(all names are for example only)
-----------------------------------------
Connection Name: MyCompany
Local IPSec: Firewall
Remote IPSec: RemotePC
Tunnel can be accessed: a subnet of local addresses
LAN Start IP: 192.168.0.0
LAN Finish IP: 0.0.0.0
Subnet: 255.255.255.0
Tunnel can access: a single remote address
(this is where I'm confused about what to put)
Remote LAN Start IP: 192.168.100.1
Remote LAN Finish IP: 0.0.0.0
Subnet: 0.0.0.0
Remote WAN IP: 0.0.0.0
SA: Aggressive Mode
Perfect Forward Secrecy: enabled
Encryption: 3DES
Key Group: Diffie-Hellman Group 2
Preshared Key: *********
Key Life: 28800
IKE Life Time: 86400
NETBIOS: enabled
VPN Client (Netgear ProSafe v.10.1)
-----------------------------------
Secure
Remote Party ID: IP Subnet
Subnet: 192.168.0.2
Mask: 255.255.255.0
Protocol: All
Connect Using: Secure Gateway Tunnel
ID Type: Any
Gateway IP Address: 69.215.xxx.xxx
My Identity
Pre-Shared Key: xxxxxxxxx (Same as FVS318 Router)
ID Type: Domain Name = MyCompany (Connection Name from FVS318)
Virtual Adapter: Disabled
Internal Network IP Address: 192.168.100.1
Internal Interface Name: Any
IP Address: Any
Retransmit Interval: 45
Number of retries: 3
Send status notification to peer hosts: yes
allow to specify internal Network Address: yes
Enable IPSec logging: yes
smart card removal clears keys: no
Also, could my home ISP (bluelight.com) possibly not allow VPN
access through their system? Or is my setup not correct somewhere in
the hardware? I don't have any port forwarding set up on the FVS318 -
does this have to be done? Thank you for any and all help concerning
this.