Go Back   NETGEAR Forums > Enterprise/Business Products > Firewall / VPN Devices > VPN Routers

Reply
 
Thread Tools Display Modes
  #1  
Old May 3rd, 2012, 07:19 AM
carralo carralo is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 14
carralo is on a distinguished road
Default VPN not working now.

I've been around the forums for many years and looking for some advice from someone with a little more understanding.

setup
workstation -> FVL328 >(public internet IP static) -------

Laptop with Prosafe VPN Client

Client side #1 (this works no issue)
(public internet IP dynamic) < USB760 (Verizon Wireless usb modem) << -- Laptop with Prosafe VPN Client

Client side #2 (this is not working)
(public internet IP dynamic) <
MiFi 4620L (Verizon Wireless Jetpack 4G Hotspot modem/router)
The Lan side of mifi router is 192.168.1.1
but the Wan Side is 10.176.158.x / 255.255.255.255
and my public ip shows as 166.250.0.x


In the case of Client #2 I understand this to be double NAT. I also understand to some degree that it doesn't work with ipsec vpn. At least thats my experience with trying to get it to.


I know there are some very knowledgeable people here that understand
VPN far better than I do and can at least guide me a bit.

Options? are there any beside staying with the 3G usb760 solution?
Reply With Quote
  #2  
Old May 3rd, 2012, 07:47 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 95,329
jmizoguchi is on a distinguished road
Default Re: VPN not working now.

too many IP's

Quote:
Wan Side is 10.176.158.x / 255.255.255.255
and my public ip shows as 166.250.0.x
this will be an issues I think. I bet other one does work only has single wan ip
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin"
"Wireless Tips"


Forum Policy

June Mizoguchi-i....@vpncasestudy.com
Reply With Quote
  #3  
Old May 3rd, 2012, 08:05 AM
carralo carralo is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 14
carralo is on a distinguished road
Default Re: VPN not working now.

jmizoguchi,

Thats correct the USB720 which plugs into the laptop USB only has one

The MiFI device appears to Double NAT the Laptop before it hits the public IP.

Is there anyway to VPN when a laptop is Double NAT or does it break the ability for all secure VPN's?
Reply With Quote
  #4  
Old May 3rd, 2012, 08:18 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 95,329
jmizoguchi is on a distinguished road
Default Re: VPN not working now.

Ssl-vpn ...........
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin"
"Wireless Tips"


Forum Policy

June Mizoguchi-i....@vpncasestudy.com
Reply With Quote
  #5  
Old May 13th, 2012, 10:57 AM
Daedalus01's Avatar
Daedalus01 Daedalus01 is offline
Senior Member
Advanced NETGEAR Expert
 
Join Date: Nov 2008
Location: Dallas Texas
Posts: 632
Daedalus01 is on a distinguished road
Default Re: VPN not working now.

Quote:
Originally Posted by carralo View Post
The Lan side of mifi router is 192.168.1.1
but the Wan Side is 10.176.158.x / 255.255.255.255
and my public ip shows as 166.250.0.x

There cant be a subnet mask of 255.255.255.255. That would mean that there is only 1 IP host available to that subnet which means no broadcast IP, and no host IP. The only IP is the network. I'm not doubting thats what the mifi is saying, but that is most likely why the tunnel isn't working. Where are you pulling from that your public IP is 166.xx.x.x?
Reply With Quote
  #6  
Old September 17th, 2012, 12:50 PM
Daedalus01's Avatar
Daedalus01 Daedalus01 is offline
Senior Member
Advanced NETGEAR Expert
 
Join Date: Nov 2008
Location: Dallas Texas
Posts: 632
Daedalus01 is on a distinguished road
Default Re: VPN not working now.

Just as an update. A lot of Verizon Internet devices use a private IP address making it so that VPN does not work. I just found this out myself having just bought a Verizon Pantech UML290 and tried to use a Shrew and greenbow to go back to my Netgear routers at home. Then I tried to get to a SonicWall in a remote office, no go. Cisco, no go. FortiGate, no go. Even though I knew from trying it with a Shrew client and that it was a private IP, I thought I would still try the others so that I can comment on them.
Reply With Quote
  #7  
Old September 18th, 2012, 07:36 AM
JonW JonW is offline
Senior Member
Advanced NETGEAR User
 
Join Date: May 2007
Posts: 176
JonW is on a distinguished road
Default Re: VPN not working now.

Most cell phones and 3g devices use non-routable IP addresses, but that shouldn't stop you from initiating a tunnel from the device if the VPN supports NAT-T.

Heck, I even got a double NAT situation to work with my Verizon IPad using IPSEC.

Is it possible that Verizon has just started blocking VPN on these devices?
Reply With Quote
  #8  
Old September 18th, 2012, 11:12 AM
Daedalus01's Avatar
Daedalus01 Daedalus01 is offline
Senior Member
Advanced NETGEAR Expert
 
Join Date: Nov 2008
Location: Dallas Texas
Posts: 632
Daedalus01 is on a distinguished road
Default Re: VPN not working now.

Its quite possible. They may do it so that you have to buy a business account and pay more to have a public IP. Don't know if they even do that. Even with NAT-T enabled on both ends of the tunnel, it never connects. Just for grins, it's a FortiGate 60C going to a FortiGate 200B. From what I can see from the way Verizon is setup from my sniffer, is that they do Hub and Spoke for their 3G/4G wireless devices so even with NAT-T it is possible to block IPSec. The Packet gets to the gateway and just drops.
Reply With Quote
  #9  
Old September 18th, 2012, 12:14 PM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 95,329
jmizoguchi is on a distinguished road
Default Re: VPN not working now.

It's common issues on non enterprise data cell package will not allow the VPN
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin"
"Wireless Tips"


Forum Policy

June Mizoguchi-i....@vpncasestudy.com
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 10:37 PM.