Peter,

I think you may find that the source of your problem is that the remote router (Netgear) does not "know" how to reach the endpoint (W2K machine) due to a useful function called NAT, network address translation, usually enabled by default in most Linksys routers. One possible problem is the router running NAT controls the TCP/IP sessions, and the remote router attempts to complete the VPN negotiation with the device that it detects on the other end, in this case the Linksys router. You will need to look long and hard at the configuration on both routers, oh and don't underestimate the value of verifying that you have the latest and greatest firmware on both devices. I have seen on a number of occasions, updating the firmware repairs many problems.

Good Luck,

Keith Blazek
Information Systems Coordinator
PH: 305-623-8700 ext 308

From: Vern Hamberg <vhamberg@centerfieldtechnology.com>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
Date: 09/29/2003 09:18 AM
Please respond to: Midrange Systems Technical Discussion <midrange-l@midrange.com>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc:
Subject: Re: Netgear FVS318 VPN connection

Hi Peter

The endpoints are the NetGear router and your W2K machine, which does have an IP address, perhaps assigned by your LinkSys router. Run the ipconfig command from your command prompt to see it. If it's dynamically assigned, you will probably need to change it to a static address in your internal network, because the IP security policy setup cannot use something like "This IP address" - needs to be static. I think this is because W2K wants to be the control point (or whatever) for the rest of your network.

I hope someone else can say more or correctly, but this is what I've observed, without formal training.

Good luck

Vern

At 09:02 AM 9/29/2003 -0700, you wrote:
>Hi Vern,
>
>Thanks! The network guy on the other end has checked the router's log and there's nothing. He also has it configured to allow ping, at least until we get this working. Netgear has very detailed instructions with screen shots and everything, which is where the terminology problems come into play. The path goes something like this:
>
> W2K PC > LinkSys > Internet > Cisco router > Netgear > iSeries
>
>The IP Security policy configuration talks about the source and destination, and tunnelling endpoints. The source and destination appear to be internal LAN IP addresses, and the tunnelling endpoints are internet IP addresses. Which I guess makes sense -- the VPN tunnel ends at the Netgear on one end, and the LinkSys on the other end. Although actually, I think it ends with the W2K PC on my end, but that doesn't have an internet IP address.
>
>As you say, frustrating. I think I'll go look for the SSH Sentinel software. I take it it uses IPsec?
>
>Peter Dow
>Dow Software Services, Inc.
>909 793-9050 voice
>909 793-4480 fax
>909 522-3214 cell
>
>----- Original Message -----
>From: "Vern Hamberg"
> > I don't know NetGear - we use a LinkSys VPN router. Usually there's a log on the router, probably accessible through a browser.
> >
> > Setting up a W2K or XP IP Security policy is one of the worst, most frustrating exercises I know of. If you don't click on all the right circles and squares and other arcane weirdness, nothing works. You might also go to LinkSys' site and find the downloads for their VPN router - that manual has an extensive section on setting this up. When I follow every step very carefully, sometimes it works. :-(
> >
> > But when I have set one up, getting the 'Negotiating...' statuses is normal for the first attempt--it's how I establish the connection--then the next attempts at connecting (FTP, NetServer, etc.) should work without comment. Try a telnet in a command prompt after your ping. Also, see if the router is set up not to respond to ping. This will not stop the VPN connection but may confuse you when you get no other response.
> >
> > If that does not work, you maybe should review your policy setup, maybe remove the one you have and start over. But check the log on the router, if you can.
> >
> > I much prefer a separate client - I use SSH Sentinel - don't know if you can find a freely-usable copy anymore - it is quite stable and easy to set up.

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].