
Got the VPN client connected...Now what?

defactoITguy

Technical User
Sep 1, 2006
18
US

Ok, I don't feel right asking this question, since it seems like there should be an easy answer, but here goes:

I have a remote client connected to my Office LAN with a Netgear FVS318v3. It's an all XP environment...I enabled NetBIOS, but I CANNOT see the computers on either end, despite confirming that the connection is good.

What have I missed?
 
I don't have any experience w/ the netgear box you are using, but... I currently use the Sonicwall client software which is a version of the Safenet software.

If your client software is truly a version of Safenet, you probably will NOT be able to browse the network just using the client. The Safenet client software does NOT pass netbios traffic even though there is usually a setting that says it will.

On the Sonicwall boxes, netbios traffic will only be passed across the VPN if using a VPN firewall at both ends.
 
It is Safenet--same tray icon, and you can connect to a Sonicwall as an option--must have slipped that by Netgear!!

I've heard that Netbios doesn't really mean Netbios from other resources too. Honestly, I'm a little dismayed at the fact that Netgear says they can do it when they really can't. I'm not sure what I'm supposed to do with a connection that doesn't allow me to see or map network drives, which was the whole point in purchasing the stupid thing. I HAD a firewall with the NAT modem I was using before.

I think at this point I'll have to set up PPTP connections, but I've been reading up on how to set that up in Win2K, and it seems that you need a PhD to do it! I'm thinking that I need to just hire somebody who knows what he's doing...cuz that ain't ME!!

Right now I'm taking a break from it, and exploring some of these remote desktop programs--I don't like them much, they're so slow and prone to failure. But eventually I'll get back on it.

Thanks for the response--I appreciate the help..
 
I'm having the same problem. Netgear FVS318v3 router and ProSafe client. Client and router say they are connected but no pings go through to the network behind the router. I can ping the WAN IP of the router though. Any new ideas?
 
Don't these Netgear things SUCK?

I'm so ticked off. I tried everything that "customer service" said to do.

I think Gecko's post about sums it up. Buy Netgear routers for all of the clients and set up gateway VPN's. Super easy and cheap too!

For the time being, I've settled for using LogMeIn, which is a great RDA application that's free. At least I can close all the ports on the router and feel somewhat secure...
 
I got fed up with the Netgear and bought a Linksys RV042. Within a couple hours I was transferring files across a PPTP VPN from my home to office. Set up the connection in XP, connects perfectly, no extra client software needed. Around $150 for the router and I can connect 5 clients through PPTP. Supposedly up to 50 clients through IPSec, but I haven't nailed that one down yet. Still better than paying $100+ for the Netgear and then $150 for 5 client user licenses.
 
No kidding--THANKS for the tip. I can be pretty sure I'll be doing the same thing!

Were you able to sell that Netgear ...stuff?
 
I haven't tried to sell it yet. I actually left it hooked up on one end so I could try to get it working eventually, and today (Saturday) I've had to come in to work because the POS thing has stopped connecting to the net. I re-hooked up the Linksys that I used before buying the Netgear and everything works fine... maybe I can at least use that as an excuse to RMA the thing.
 
Just as an update, I kept tinkering with the Netgear and I finally got it connected using the ProSafe client. Also, I got the Linksys RV042 to do IPSec with the GreenBow VPN client. If you're still interested in your netgear I'll post the details on how I did it. Thanks to everyone who gave info here :)
 
Dear PayneBusiness,
I am very much interested in how you got this to work. Could you please either post it or email it to me?

Mark
 
Here are my Netgear FVS318v3 settings:

IKE Policy Configuration

General
Policy Name: Michael
Direction/Type: Remote Access
Exchange Mode: Aggressive Mode

Local
Local Identity Type: FQDN
Local Identity Data: fvs318v3

Remote
Remote Identity Type: FQDN
Remote Identity Data: michael.payne

IKE SA Parameters
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Authentication Method: Pre-shared Key **********
Diffie-Hellman (DH) Group: Group 2 (1024 Bit)
SA Life Time (secs): 28800

VPN - Auto Policy

General
Policy Name: Michael
IKE policy: Michael
IKE Keep Alive: Ping IP Address: 192.168.223.223
Remote VPN Endpoint
Address Type: FQDN
Address Data: michael.payne
SA Life Time (Seconds): 28800
SA Life Time (Kbytes): 100000
IPSec PFS: (checked) PFS Key Group: Group 2 (1024 Bit)

Traffic Selector
Local IP: ANY
Start IP address: ...
Finish IP address: ...
Subnet Mask: ...
Remote IP: ANY
Start IP address: ...
Finish IP address: ...
Subnet Mask: ...

AH Configuration
Enable Authentication: (not checked) Authentication Algorithm:

ESP Configuration
Enable Encryption: (checked) Encryption Algorithm: 3DES
Enable Authentication: (checked) Authentication Algorithm: SHA-1

NETBIOS Enable: (checked)

Here are my ProSafe security settings:

Connection Security: Secure
Remote Party:
ID Type: IP Subnet
Subnet: 192.168.222.0
Mask: 255.255.255.0
Protocol: Any

(check) Connect using: Secure Gateway Tunnel
ID type: Domain Name: fvs318v3
Gateway IP Address: (enter WAN IP of the FVS318, or select hostname and enter the hostname (you have to set the DDNS up previously))

My Identity:
Click the button and enter Same Pre-Shared Key as the router
Certificate: None
ID Type: Domain Name: michael.payne
Virtual Adapter: Required
Internal IP: 192.168.223.223
Internet Interface: Any

Security Policy:
Phase 1 Negotiation: Aggressive
(check) Enable Perfect Forward Secrecy
PFS Key Group: Diffie-Hellman Group 2
(check) Enable Replay Detection

Authentication:
Auth Method: Pre-shared Key
Encrypt Alg: Triple DES
Hash Alg: SHA-1
SA Life: seconds: 28800
Key group: DH Group 2

Key Exchange:
SA Life: Both: seconds: 28800 kbytes: 100000
compression: none

(check) Encapsulation Protocol
Encrypt Alg: Triple DES
Hash Alg: SHA-1
Encapsulation: Tunnel

I hope that is clear enough and it works for you. This thing seems to be a fairly solid router and a good VPN aside from the initial setup issues and the one time it has lost the connection, which could have been related to something else.
 
You may want to change the FQDN or IP settings, just make sure you replace both ends with the same names or IPs. Also make sure that each end has a different subnet than the other end and the virtual link.

In my case,
Office LAN is using 192.168.111.x
Home LAN is using 192.168.222.x
Virtual Link is assigned IP 192.168.223.223

Once you establish the tunnel, you should be able to ping every computer on both LANs by using the IP address, and you can map drives using the command line "net use X: \\192.168.x.x\ShareName"

Good luck!
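
The rules from the two posts above (identities and proposals mirrored on both ends, a different subnet on each LAN, virtual adapter IP outside both) as a small checker. This is an added example, not part of the original thread: the dict layout, key names and /24 masks are assumptions, and it also lists the posted settings that are widely treated as legacy today (Aggressive Mode with a pre-shared key, 3DES, SHA-1, DH Group 2).

```python
import ipaddress

# Values transcribed from the two settings lists posted above (both show the
# same proposals); the dict layout and key names are assumptions.
SHARED = {"mode": "aggressive", "enc": "3des", "hash": "sha1", "dh": 2,
          "ike_life": 28800, "pfs": 2, "esp_enc": "3des", "esp_hash": "sha1",
          "sa_life": 28800, "sa_kbytes": 100000}
ROUTER = dict(SHARED, local_id="fvs318v3", remote_id="michael.payne")
CLIENT = dict(SHARED, local_id="michael.payne", remote_id="fvs318v3")
# Addressing from the follow-up post; /24 masks are assumed.
NETS = {"office": "192.168.111.0/24", "home": "192.168.222.0/24"}
VIRTUAL_IP = "192.168.223.223"
# Settings widely treated as legacy today: reported for review, not as errors.
LEGACY = {"mode": "aggressive", "enc": "3des", "hash": "sha1", "dh": 2}

def check_pair(router, client):
    """Return mismatches between the gateway policy and the client policy."""
    problems = []
    # Each side's local identity must be what the other side expects.
    for mine, theirs in (("local_id", "remote_id"), ("remote_id", "local_id")):
        if router[mine] != client[theirs]:
            problems.append(f"router {mine}={router[mine]!r} but "
                            f"client {theirs}={client[theirs]!r}")
    for key in sorted(set(router) - {"local_id", "remote_id"}):
        if router[key] != client.get(key):
            problems.append(f"{key}: router={router[key]!r} "
                            f"client={client.get(key)!r}")
    return problems

def check_addressing(nets, virtual_ip):
    """Both LANs must be disjoint and the virtual adapter IP outside both."""
    problems = []
    parsed = sorted((n, ipaddress.ip_network(c)) for n, c in nets.items())
    for i, (a, net_a) in enumerate(parsed):
        for b, net_b in parsed[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{a} and {b} LANs overlap")
    vip = ipaddress.ip_address(virtual_ip)
    problems += [f"virtual IP {vip} is inside the {n} LAN"
                 for n, net in parsed if vip in net]
    return problems

def legacy_settings(policy):
    """Names of the policy fields that use a legacy value."""
    return sorted(k for k, v in LEGACY.items() if policy.get(k) == v)

if __name__ == "__main__":
    for p in check_pair(ROUTER, CLIENT) + check_addressing(NETS, VIRTUAL_IP):
        print("MISMATCH:", p)
    print("legacy settings to review:", legacy_settings(ROUTER))
```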
 
So were you able to use NetBIOS with that connection? I got mine connected, but was unable to see any network resources. That was the issue I was having.
 
I can't "see" them like browsing in the Network Neighborhood thing, but I can put \\192.168.222.101 into the address bar of Windows Explorer and it will show me the shared drives and printers on the *.222.101 computer, which is across the VPN. This works fine for what I need, I just can't use netbios names to access the computers, but since the IPs are all static, I can just use that in any network applications I use.
 
Ok, that might work for me. I should be able to install a networked program with that...
Thanks!
 
I have tried using the settings that PayneMG gave but I still cannot connect client to gateway. My client log says:

Initiating IKE Phase 1 (IP ADDR=***.***.***.***)
SENDING>>>>ISAKMP OAK AG(SA, KE, NON, ID, VID 5x)
message not received! Retransmitting!

and it continues to send and fail. I have tried loads of online help and how-to articles but have had no luck. I am at the end of the road...please help!
 