Hi Vern,

What you say makes sense, except that as I noted, my W2K PC does not have an internet IP address, only an internal LAN address. Given that the source & destination IP addresses also are internal LAN addresses, how does it ever get to the LinkSys?

If you're correct, then if I change the tunnel endpoint to be my W2K PC's internal (private) LAN IP address, I'd have to change the source & destination IP addresses to the LinkSys's external (public) internet IP address, right?

Peter Dow
Dow Software Services, Inc.
909 793-9050 voice
909 793-4480 fax
909 522-3214 cell

----- Original Message -----
From: "Vern Hamberg" <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Monday, September 29, 2003 9:18 AM
Subject: Re: Netgear FVS318 VPN connection

> Hi Peter
>
> The endpoints are the NetGear router and your W2K machine, which does have
> an IP address, perhaps assigned by your LinkSys router. Run the ipconfig
> command from your command prompt to see it. If it's dynamically assigned,
> you will probably need to change it to a static address in your internal
> network, because the IP security policy setup cannot use something like
> "This IP address" - needs to be static. I think this is because W2K wants
> to be the control point (or whatever) for the rest of your network. I hope
> someone else can say more or correctly, but this is what I've observed,
> without formal training.
>
> Good luck
>
> Vern
>
> At 09:02 AM 9/29/2003 -0700, you wrote:
> >Hi Vern,
> >
> >Thanks! The network guy on the other end has checked the router's log and
> >there's nothing. He also has it configured to allow ping, at least until we
> >get this working. Netgear has very detailed instructions with screen shots
> >and everything, which is where the terminology problems come into play. The
> >path goes something like this:
> >
> > W2K PC
> > LinkSys
> > Internet
> > Cisco router
> > Netgear
> > iSeries
> >
> >The IP Security policy configuration talks about the source and destination,
> >and tunnelling endpoints. The source and destination appear to be internal
> >LAN IP addresses, and the tunnelling endpoints are internet IP addresses.
> >Which I guess makes sense -- the VPN tunnel ends at the Netgear on one end,
> >and the LinkSys on the other end. Although actually, I think it ends with
> >the W2K PC on my end, but that doesn't have an internet IP address.
> >
> >As you say, frustrating. I think I'll go look for the SSH Sentinel
> >software. I take it it uses IPsec?
> >
> >Peter Dow
> >Dow Software Services, Inc.
> >909 793-9050 voice
> >909 793-4480 fax
> >909 522-3214 cell
> >
> >----- Original Message -----
> >From: "Vern Hamberg"
> > > I don't know NetGear - we use a LinkSys VPN router. Usually there's a log
> > > on the router, probably accessible through a browser.
> > >
> > > Setting up a W2K or XP IP Security policy is one of the worst, most
> > > frustrating exercises I know of. If you don't click on all the right
> > > circles and squares and other arcane weirdness, nothing works. You might
> > > also go to LinkSys' site and find the downloads for their VPN router -
> > > that manual has an extensive section on setting this up. When I follow
> > > every step very carefully, sometimes it works. :-(
> > >
> > > But when I have set one up, getting the 'Negotiating...' statuses is
> > > normal for the first attempt--it's how I establish the connection--then
> > > the next attempts at connecting (FTP, NetServer, etc.) should work
> > > without comment. Try a telnet in a command prompt after your ping. Also,
> > > see if the router is set up not to respond to ping. This will not stop
> > > the VPN connection but may confuse you when you get no other response.
> > >
> > > If that does not work, you maybe should review your policy setup, maybe
> > > remove the one you have and start over. But check the log on the router,
> > > if you can.
> > >
> > > I much prefer a separate client - I use SSH Sentinel - don't know if you
> > > can find a freely-usable copy anymore - it is quite stable and easy to
> > > set up.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].