Re: Netgear FVS318 VPN connection -- MIDRANGE-L





Peter,

I started to send a very detailed and lengthy reply, and then thought
better of it.  I do not want to inadvertently make your situation more
complex.  I have not worked with the configuration you are describing.
There are too many variables for me to attempt to work out without being
familiar with the router.

I did however find a couple of sites making references to this type of
configuration.  The first link is to a PDF with detailed instructions.  The
second link goes to a forum of other people who have this configuration
working.  Try their tips.  I think you should note that the PDF document
shows a PC connected directly to the internet, not behind a router.  Your
Linksys router may still be your stumbling block.

http://home.stny.rr.com/ranch/reference/FVS318_W2Kupdated.pdf
http://www.tek-tips.com/gviewthread.cfm/lev2/5/lev3/34/pid/463/qid/562178
http://kbserver.netgear.com/kb_web_files/N100757.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043&Product=win2000

Also try other sites listed via the google search below.

http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=W2k+to+FVS318+vpn


Hope that helps you somewhat,


Keith Blazek
Information Systems Coordinator
PH: 305-623-8700 ext 308




                                                                           
             "Peter Dow"                                                   
             <maillist@dowsoft                                             
             ware.com>                                                  To 
             Sent by:                  "Midrange Systems Technical         
             midrange-l-bounce         Discussion"                         
             s@xxxxxxxxxxxx            <midrange-l@xxxxxxxxxxxx>           
                                                                        cc 
                                                                           
             09/29/2003 11:38                                      Subject 
             AM                        Re: Netgear FVS318 VPN connection   
                                                                           
                                                                           
             Please respond to                                             
             Midrange Systems                                              
                 Technical                                                 
                Discussion                                                 
             <midrange-l@midra                                             
                 nge.com>                                                  
                                                                           
                                                                           




Hi Keith,

Thanks for the comments.  What I have is what you described. Both routers
perform NAT; the NetGear is the VPN server as well, and the LinkSys will
pass IPsec traffic.  I guess the big question is how to translate all this
into an IP Security Policy for Win2K.  At first glance, one would think
that
the routers are the tunnel endpoints, but the LinkSys isn't a VPN router,
although it will pass through the VPN traffic.  So it sounds like the W2K
PC
should be the tunnel endpoint, but it doesn't have a routable address.  Can
you explain how the security policy's source, destination, and tunnel
endpoints figure into your diagram?

Peter Dow
Dow Software Services, Inc.
909 793-9050 voice
909 793-4480 fax
909 522-3214 cell



<Keith>
> If you are using non-routable addresses, ie in the range of 192.168.x.x
or
> 10.x.x.x you may not be able to set up the VPN in the manner that you are
> attempting.  At least one of the endpoints will need a routable internet
> address.  The other client should then be able to initiate the connection
> if all other intermediary devices are configured correctly to allow the
> traffic.
>
> Here's a quick example:
>
> PC with non-routable IP address like 192.168.0.50
> to
> Router with valid routable IP address
> to
> Router with valid routable IP address
> to
> Server with non-routable IP address like 192.168.10.25
>
> The routers on your network perimeter and on the internet will not be
able
> to handle traffic directly from or to the non-routable addresses, they
will
> use NAT to communicate.  The problem then becomes, how does the router on
> the destination end determine which machine receives incoming traffic?
You
> need address redirection, usually only provided on firewalls and higher
end
> routers.
</Keith>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.521 / Virus Database: 319 - Release Date: 9/26/2003


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.