Re: Problem getting VPN to work with a Netgear FR314 router

From: dbRacing (newsgroup@dbracing.org.uk)
Date: 12/22/01


From: newsgroup@dbracing.org.uk (dbRacing)
Date: 22 Dec 2001 13:21:54 -0800

Mark,

Thanks for your insight, you were definitely on the right track and
with the help from some of our network guys in the US I have now got
it working. So for the benefit of those trying to do the same thing
here's what I needed to do.

1. Change the encryption scheme to use IKE with UDP encapsulation
instead of the proprietary FWZ. This in itself did not resolve the
problem, but I think it was one of the things that needed to be done.
I suppose that this is something that will vary from company to
company, depending on how the VPN server is configured. I believe that
they did change my user profile.

2. After an upgrade to the latest Checkpoint software and some
pinging, a suggestion was made that there may be a conflict between
the non-addressable IP addresses the FR314 router was generating for
my LAN and the corporate network. We changed from the 192.168.xxx.xxx
range of addresses to the 172.16.xxx.xxx range on the router. You will
need to make sure that you also change the LAN firewall IP address in
the general/status menu item and then restart the router and your PCs
to get a new DHCP IP address. I immediately had the recognition from
the corporate firewall and was able to do everything I was hoping for.

I too have NTL as my ISP. I initially had lots of problems getting the
cable modem / firewall to communicate and thought that perhaps there
was some checking of the hardware address of the NIC card in the PC.
(I installed the cable modem and a couple of days later got the
router). I called the broadband support people and after holding for
37 minutes managed to speak to someone. The guy on the other end of
the phone really did want to help and I think was pleasantly surprised
that the person on the other end was not about to tear his head off!
He double checked and confirmed that so far as NTL is concerned the
only hardware / MAC address they register is the cable modem. After
messing around for 5 hours I decided to switch all the machines off
and restart only the router / cable modem. When I got up the next
morning they had decided to talk to each other after about 45 minutes.
Patience, it seems, is a virtue!

Good luck with getting your configuration to work, Mark.

Regards

David

m_r_main@yahoo.com (Mark Main) wrote in message news:<3c2390fc.124772383@news.ntlworld.com>...
> On 21 Dec 2001 08:24:11 -0800, newsgroup@dbracing.org.uk (dbRacing)
> wrote:
>
> >I have installed a FR314 firewall in conjunction with my Terajet 210
> >cable modem and have been successful in obtaining internet access from
> >my ISP. That's the good news.
> >
> >Prior to installation I had VPN operating over my dial up modem using
> >Checkpoint Security VPN-1 secure client version 4.1 SP4-DES build
> >4185. This I think uses IPSEC, but I'm not certain about that.
> >
> >When I try to access mail on the company network the attempt is
> >unsuccessful because the server is unavailable. (standard exchange
> >message)
> >
> >I am able to ping the VPN server. I have read the FAQ on the netgear
> >site and other usenet postings (thanks to these I might appear a lot
> >more knowledgeable than I really am) and have done the following:
> >
> >Added PPTP using port 1723, protocol 17
> >Added PPTP using port 1723, protocol 6
> >Opened port 259, protocol 17
> >Opened port 259, protocol 6
> >Added IPSEC using port 0, protocol 50
> >Added key exchange using port 500, protocol 17
> >Entered 192.168.0.2 in the Public LAN server column for the above
> >services, replacing the 0.0.0.0 default.
> >
> >From reading around it seems that I may also need to open port 1723
> >using protocol 47, but the router management software does not seem to
> >permit this level of customisation.
> >
> >Has anybody else been successful in getting this to work? Can anyone
> >advise what further steps I need to take to get VPN working on my
> >machine?
>
> I am having a similar problem with a homebuilt Linux NAT-box/firewall
> with a Terajet 210 cable modem (ISP is NTL).
>
> I am no expert but from what I've read, I think by default the VPN-1
> client uses "FWZ" key exchange which is proprietary to Checkpoint.
> The selectable alternative, "IKE", is part of the IPsec work or
> somesuch.
>
> I have also read that some NAT/firewall/MASQ boxes don't work with
> FWZ. (Linux MASQ doesn't, for one). I don't know how the Netgear
> router is implemented, in terms of the embedded OS.
>
> So, you may need to use IKE and if you do, I recall there are some
> changes to make on your company firewall to get it to accept IKE
> instead of FWZ. Something to do with editing "objects.c" (search on
> that term).
>
> Comments anyone?
>
> HTH,
>
> Mark
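
Added example, not part of the original posts: step 2 of David's fix comes down to the home LAN and the networks reached through the VPN sharing an address range. The sketch below checks a LAN subnet against the VPN-routed networks and picks a private range that does not collide; the corporate routes and the /24 LAN size are constructed values, since the thread does not give them.

```python
import ipaddress

# RFC 1918 private blocks a home router can number its LAN from.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: networks the corporate VPN gateway serves (assumption;
# the thread only says the corporate side clashed with 192.168.x.x).
CORP_ROUTES = ["192.168.0.0/16", "10.20.0.0/16"]


def find_conflicts(lan, vpn_routes):
    """Return the VPN-routed networks that overlap the local LAN subnet."""
    # strict=False lets a host address such as 192.168.0.2/24 stand for its subnet
    lan_net = ipaddress.ip_network(lan, strict=False)
    return [r for r in map(ipaddress.ip_network, vpn_routes)
            if lan_net.overlaps(r)]


def suggest_lan(vpn_routes, prefixlen=24):
    """Return the first private subnet of the given size clear of every route."""
    routes = [ipaddress.ip_network(r) for r in vpn_routes]
    # Try 192.168/16 first, then 172.16/12, then 10/8.
    for block in reversed(RFC1918):
        for cand in block.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(r) for r in routes):
                return cand
    return None  # every private range is claimed by the VPN


if __name__ == "__main__":
    for lan in ("192.168.0.2/24", "172.16.0.0/24"):
        hits = find_conflicts(lan, CORP_ROUTES)
        if hits:
            print(f"{lan}: overlaps {', '.join(map(str, hits))}")
        else:
            print(f"{lan}: no overlap with VPN routes")
    print("suggested LAN:", suggest_lan(CORP_ROUTES))
```

With these sample routes the 192.168.0.x LAN is flagged and the first clear range is in 172.16.x.x, the same move described in the post.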


