NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jxdomb's avatar
jxdomb
Aspirant
Sep 28, 2016

FVS318N Box-to-Box VPN with NAT

I'm trying to set up a box-to-box IPSec VPN tunnel between an office and branch location.  The office location has an external static IP address so no problems there.  However, the ISP servicing the ...
fvs318n
NAT
Security
VPN
DaneA's avatar
DaneA
NETGEAR Employee Retired
Oct 03, 2016

Hi jxdomb,

 

We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance.  If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 


Regards,

 

DaneA

NETGEAR Community Team

jxdomb's avatar
jxdomb
Aspirant
Oct 03, 2016

Hi, Dane:

 

I appreciate your passing along the link to the previous post.  It does describe my situation but the answer wasn't quite what worked for me.  In the post it talked about opening up the proper ports in the NAT'ed router however that wasn't possible in my case.

 

So I tried making the fixed IP router the responder and the NAT'ed router the initiator.  I pointed the remote endpoint  of the VPN policy in the NAT'ed router to the fixed IP of the other router.  And I entered the external IP address of the NAT'ed router as the remote endpoint of the VPN policy of the fixed router.  This seems to have done the trick because the NAT'ed router successfully initiates a tunnel with the fixed router.  The only limitation is that the fixed router cannot likewise initiate a tunnel to the remote router because it is behind the NAT and I have no way of opening the proper ports.

 

Thanks for your suggestion!

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Oct 03, 2016

    Hi jxdomb,

     

    I appreciate your feedback.  I'm not sure if this will help since the FVS318N needs to be the main router.  On the virtual NAT device at the ISP, is it possible to configure a DMZ (Demilitarized Zone) port?  If yes, you may try to connect the FVS318N to the DMZ port of the virtual NAT device at the ISP.  

     

    Kindly read the article below about DMZ.

     

    DMZ on NETGEAR routers

     


    Regards,

     

    DaneA

    NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More