#1  
Old April 10th, 2012, 11:50 AM
Medgen Medgen is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 4
Medgen is on a distinguished road
Default Multiple mode-configs on FVS318G

Hi,

I added two mode-configs on my FVS318G. Both have different names and different subnets they will assign (10.1.0.0/24 and 10.2.0.0/24).

When I create an IKE policy I choose "yes" for "use mode-config record" and select the first mode-config. But if I click to the "view selected" button, I see the config of the second mode-config I have created. If I choose the second mode-config and click to the button, it also shows me the values for the second one.

The problem is, that not only the values for the second mode-config are displayed - they are also used and the clients only get IPs from this range, regardless which mode-config the IKE policy is linked to.

I'm running firmware 3.0.7-34.

I have two same devices and have this problem on both. So I'm wondering if this is a bug or if it's not possible to have multiple mode-configs?

Regards
Reply With Quote
  #2  
Old April 10th, 2012, 12:25 PM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 95,380
jmizoguchi is on a distinguished road
Default Re: Multiple mode-configs on FVS318G

if you hard reset the router & manually configure the router when you flash to this firmware version and both does the same then put trouble ticket in with support at my.netgear.com
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin"
"Wireless Tips"


Forum Policy

June Mizoguchi-i....@vpncasestudy.com
Reply With Quote
  #3  
Old April 10th, 2012, 11:21 PM
Medgen Medgen is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 4
Medgen is on a distinguished road
Default Re: Multiple mode-configs on FVS318G

Router was already reset. The firware was the one that was shipped with the devices. It already had the newest. So it wasn't updated by me.

Last night I had a 2.5h remote session with a supporter form NetGear, but I'm not sure, if he understand my issue. He always ignored that everything is fine with one mode-config and if you add a second one, all policies use the second mode-config. He always told me, I don't need mode-configs for client-to-site connectsions and tried to create a IKE and VPN policy instead. But he wasn't able to open a tunnel to his setup for the whole time (with Netgear client and Shrew), while my mode-config setup works fine (at least if I have just one). :-(

So maybe somebody with Netgear experiences and who owns a FS318G, too, can shortly reproduce this and tell me if this is an expected behavior or not. Or if there is a different method than http://www.shrew.net/support/wiki/HowtoNetgear to setup a client-to-site configuration.

The way to reproduce:
- Create two mode configs with different IP-ranges (you can leave all other settings on default for this test)
- Click to the "add new IKE policy" button -> "use mode-config": select "yes" -> select the first (!) mode-config entry you've created in the combobox and click to "view selected". -> You see the settings of the second (!) and not of the selected first mode-config!

And the problem is, that it's not just a display error. If I have two mode-configs, there's no change any more to make the box use the first one until you delete the second.

Here some screenshots:
http://img690.imageshack.us/img690/227/modeconfigs.png
http://img705.imageshack.us/img705/5...nchoosedmo.png
http://img31.imageshack.us/img31/596...nchoosedmo.png


Thanks.
Reply With Quote
  #4  
Old April 11th, 2012, 06:44 AM
adit's Avatar
adit adit is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: USA
Posts: 5,277
adit is on a distinguished road
Default Re: Multiple mode-configs on FVS318G

The router doesn't make the choice of which Mode-Config to use, the VPN policy on the remote does.

Have you tried connecting to both remotely.
Reply With Quote
  #5  
Old April 11th, 2012, 07:18 AM
Medgen Medgen is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 4
Medgen is on a distinguished road
Default Re: Multiple mode-configs on FVS318G

Quote:
Originally Posted by adit View Post
The router doesn't make the choice of which Mode-Config to use, the VPN policy on the remote does.
But why do I have to choose one of the mode configs in the routers policy if the client on the remote site does the choice?

And where in my vpn client (e. g. Shrew) I can set up, which mode-config it should use? And how can I prevent that the user doesn't change this to a differnet mode config and get assigned IPs from other subnets (with other permissions)?




Quote:
Originally Posted by adit View Post
Have you tried connecting to both remotely.
If I have one mode-config, it works fine, and I get an IP from the configured range out of this mode-config. If I add a second mode-config - but in the policy the first is still choosen - then I get an IP assinged out of the pool of the second mode-config.
Reply With Quote
  #6  
Old April 11th, 2012, 07:29 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 95,380
jmizoguchi is on a distinguished road
Default Re: Multiple mode-configs on FVS318G

Quote:
But why do I have to choose one of the mode configs in the routers policy if the client on the remote site does the choice?

And where in my vpn client (e. g. Shrew) I can set up, which mode-config it should use? And how can I prevent that the user doesn't change this to a differnet mode config and get assigned IPs from other subnets (with other permissions)?
you don't' choose modconfig policy on client at all

under IKE policy on FVS you need to tell which modeconfig to use.
make sure FQDN is setup separate on both IKE policy.
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin"
"Wireless Tips"


Forum Policy

June Mizoguchi-i....@vpncasestudy.com
Reply With Quote
  #7  
Old April 11th, 2012, 08:25 AM
adit's Avatar
adit adit is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: USA
Posts: 5,277
adit is on a distinguished road
Default Re: Multiple mode-configs on FVS318G

Quote:
Originally Posted by Medgen View Post
But why do I have to choose one of the mode configs in the routers policy if the client on the remote site does the choice?
Because you will need 2 IKE policies since you have 2 mode config policies, and you can only assign 1 MC policy to each IKE policy.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 12:35 AM.