#11
February 15th, 2013, 03:41 AM
tiguetx
Re: VPN Tunnel Config issues

Quote:
Originally Posted by jmizoguchi
> FVS will not have reliable VPN with private IP on WAN of the FVS
>
> You should put all your devices behind the FVS router and put cable modem/gateway in bridge mode

Sorry, I have to move slowly on this, since it's a working environment and I can't make changes that may have negative effects during work hours.

So, if I put the Comcast modem into bridge mode, I assume my FVS would be able to take over managing all 5 of my public IPs? I would further assume I would no longer assign the FVS WAN one of the 5 statics and instead assign it the public GW address?

I'll need to read up and play around with this FVS a bit more. See how it handles 1-to-1 NAT and port forwarding.

The other issue I'll need to address if I go this route is I'll probably need to upgrade the FVS. I don't think it's rated for 50 down and 10 up.

My ultimate goal here is to provide a VPN tunnel into the office for specific IP phones at one location into the phone system at the main office. I'm never going to want ALL my traffic to go through the VPN tunnel. So I need to make sure I'm still providing access for the server, phone system and security DVR outside the tunnel.

Assuming I'm able to config the FVS or its upgrade to take over managing my 5 statics and provide the VPN tunnel, am I going to end up back where I started? Able to establish a VPN P2P tunnel but unable to get past it (i.e., with the SBS 2011 still my DHCP server, do I need a firewall rule created?)
#12
February 15th, 2013, 04:56 AM
jmizoguchi
Re: VPN Tunnel Config issues

Quote:
> I assume my fvs would be able to take over managing all 5 of my public IPs?

10.0 IP is not public routable IP.

If you have 5, then put the cable modem in bridge mode and assign each device the IP info provided by the ISP.

Quote:
> The other issue I'll need to address if I go this route is I'll probably need to upgrade the FVS. I don't think it's rated for 50 down and 10 up.

25Mbps LAN-WAN / 7Mbps 3DES

Look at the specs at netgear.com; each product has specs for ProSafe/ProSecure and you can choose whatever you want.
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

June Mizoguchi-i....@vpncasestudy.com

#13
February 15th, 2013, 05:10 AM
adit
Re: VPN Tunnel Config issues

Your Comcast "modem" is a router as well. You do not put it into bridge mode. There is no bridge mode. The only thing you can do is disable DHCP on it, which won't change your situation.

If one of your static IPs is correctly programmed into the FVS then your issue is elsewhere.

Look for a SIP ALG box and toggle it on/off to see if it fixes it.

Which IP phones/system do you have?

Your LAN switches should be behind the FVS and not plugged directly into the Comcast router.

Read my LAN Subnets NOT to Use tutorial.
__________________
Good Luck...ADIT

FYI - I am a Reseller and not employed by Netgear

#14
February 23rd, 2013, 07:58 AM
tiguetx
Re: VPN Tunnel Config issues

Quote:
Originally Posted by jmizoguchi
> FVS will not have reliable VPN with private IP on WAN of the FVS
>
> You should put all your devices behind the FVS router and put cable modem/gateway in bridge mode

OK, back to this project. Sorry for the delay.

I've updated my main office diagram to more accurately reflect my current config.

Main Office

The blue lines reflect current cables that will go away, the red lines reflect the new cables.

From talking to the support dept at Netgear, I'm not sure this FVS will handle my 5 static IPs the way I need them handled. I currently have Static A passed through to my DVR, Static C is 1-to-1 NAT'd and port forwarded to my SBS2011 server (10.0.0.2), Static D is 1-to-1 NAT'd and port forwarded to my phone system (10.0.0.10). If I put everything behind the FVS, will it be able to handle all my public IPs the way I need? If so, would I configure the FVS to use the default public gateway (Static F) as its WAN?

I'm working with limitations here. SBS 2011 only supports 1 NIC, thus the NAT and port forwarding. SBS also insists on being the DHCP server.

Since 10.0.0.5 is my current GW for my server and onsite IP phones and phone system, I assume I would need to make the FVS's internal address 10.0.0.5 and assign my Comcast router a different address.

My ultimate goal is to provide a P2P VPN tunnel to the phone system and server for one remote office while still providing internet access to the phone system and server outside the P2P VPN tunnel for people using their IP phones at home/road, etc. and those using RAS, OWA, etc. to the server.

IF the FVS will handle my 5 static IPs effectively, I assume I would need to use one of my 2 remaining public IPs for my VPN tunnel (Static B). At that point, do I need to provide any special firewall rules on my SBS to accommodate the VPN tunnel and the remote PCs that are on a slightly different LAN (10.0.1.x) vs (10.0.0.x)?


In the event that the FVS won't handle the 5 statics the way I need, could I leave the wiring the way I have it, config the FVS to use (Static D) as its WAN, leave its internal address as (10.0.0.8), forward Static D to the phone system (10.0.0.10) on the FVS, make the FVS (10.0.0.8) the GW for the phone system and make a P2P VPN tunnel using Static D?

Based on this 2nd approach I would have the PCs using the Comcast router as the gateway and the phones using the FVS as the gateway. Will that work on the same LAN?

#15
February 23rd, 2013, 08:28 AM
jmizoguchi
Re: VPN Tunnel Config issues

You need to put the cable modem in bridge mode.

With the new setup, the red line should have the FVS with a public IP on the WAN of the FVS.

If you need the rest (DVR, SBS) to be accessible from a single public IP, then you need to forward the ports to each device.


10.0 IP is a private IP, so unless you have a block of IPs you are getting from the ISP, you have only "1" public IP, so the 5 static IPs you are referring to are static IPs on each device.

If you are looking to have the SBS and DVR have their own routable IPs, then you need a block of IPs; otherwise the cable modem in bridge mode and forwarding should take care of it.

So once you have done bridge mode, the WAN of the FVS should have a 172.x IP respectively.
Reply With Quote
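
An added example, not part of any post in this thread: a pre-flight check for the addressing questions raised in posts #14 and #15 (a private address on the FVS WAN, the 10.0.0.x and 10.0.1.x LANs, and two gateways on one LAN). The /24 and /16 masks, the host names and the 203.0.113.4 stand-in for "Static D" are assumptions.

```python
import ipaddress

# RFC 1918 ranges. ip_address.is_private is avoided on purpose: it also
# flags documentation ranges such as 203.0.113.0/24 used below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_vpn_plan(wan_ip, local_lan, remote_lan, vpn_router, host_gateways):
    """Return findings for one site's side of a site-to-site VPN plan."""
    findings = []
    wan = ipaddress.ip_address(wan_ip)
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    router = ipaddress.ip_address(vpn_router)

    # A private WAN address means another NAT device sits in front of the
    # VPN router, so the remote peer cannot reach it directly.
    if any(wan in net for net in RFC1918):
        findings.append(f"WAN {wan} is private: VPN router is behind NAT")

    # The two sites need distinct subnets, otherwise traffic for the remote
    # site is treated as local and never enters the tunnel.
    if local.overlaps(remote):
        findings.append(f"LAN {local} overlaps remote LAN {remote}")

    # A host sends remote-subnet traffic to its default gateway. If that is
    # not the VPN router, the gateway needs a route to the remote subnet.
    for host, gw in sorted(host_gateways.items()):
        if ipaddress.ip_address(gw) != router:
            findings.append(f"{host} uses gateway {gw}: needs a route to "
                            f"{remote} via {router}")
    return findings

# Constructed plan modelled on the thread's second approach. The /24 masks
# and the 203.0.113.4 stand-in for "Static D" are assumptions.
SPLIT_GATEWAY = check_vpn_plan(
    "203.0.113.4", "10.0.0.0/24", "10.0.1.0/24", "10.0.0.8",
    {"phone-system": "10.0.0.8", "office-pc": "10.0.0.5"})

# Same LANs with a /16 mask on the main office and a private WAN address.
WIDE_MASK = check_vpn_plan(
    "10.1.10.2", "10.0.0.0/16", "10.0.1.0/24", "10.0.0.8",
    {"phone-system": "10.0.0.8"})

if __name__ == "__main__":
    for line in SPLIT_GATEWAY + WIDE_MASK:
        print(line)
```
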

#16
February 24th, 2013, 09:29 PM
adit
Re: VPN Tunnel Config issues

Again, you do NOT bridge the Comcast router.

You program one of the static IPs as the WAN IP of the FVS.

You add the other static IPs in the Firewall Rules.

You can disable DHCP on the Comcast router if you want, but it is not necessary.

All times are GMT -8.