scott_1971
Mar 30, 2015 (Novice)
FVS318N to Netgear PRO Safe Client - IPSEC
I have successfully set up an IPsec tunnel between my laptop and my FVS318N at the office.
I need to access specific sites from the ISP off the FVS318N via the VPN (as the WAN static IP is on a customer's white list).
What firewall/security settings do I need to set up on the FVS318N to allow this to occur?
R/Scott
13 Replies
- RXLuminary: Setting up firewall rules doesn't take effect on VPN tunnels. It's the IKE and VPN policies that govern the VPN connection. Firewall rules are meant to take effect on the WAN connection, and of course that is via the WAN port. :) Are you remotely connected to a PC within the LAN of your FVS318N via the VPN connection and you want to go online using the PC that you are remotely connected to, am I right?
- scott_1971 (Novice): I would rather use the tunnel to go directly to the sites I need so they see the static IP on the WAN side of my FVS318N. I don't want to have to leave any computers on (off the FVS) while on travel to access the internet through the FVS.
- fordem (Mentor): You should be able to configure the VPN policy for "full" tunneling, which will force all traffic from the client through the tunnel and get to the internet that way. Unfortunately, I no longer use the Netgear VPN client, so I cannot provide specific steps. You'll need to change the traffic selection section of the VPN policy (possibly at both ends), where you specify the LAN network behind the FVS318, so that it says "any".
- fordem (Mentor): The ShrewSoft client has a setting in the policy tab for "tunnel all". I don't recall a similar setting in the ProSafe client.
- scott_1971 (Novice): The VPN Client Lite does have the ability to disable split tunnel, which I have configured.
The tunnel opens on the client with IP 192.168.4.2/255.255.255.0; the client does not show a default gateway.
I can ping the FVS and most devices on the LAN through the tunnel.
I cannot ping the VPN client from a LAN computer (192.168.3.x).
- fordem (Mentor):
scott_1971 wrote: I can ping the FVS and most devices on the LAN through the tunnel.
This proves that the tunnel works: for ping to work, the ping request must reach the device through the tunnel, and the response must return, again through the tunnel.
scott_1971 wrote: I cannot ping the VPN client from a LAN computer (192.168.3.x).
Why is this a problem? The test above proves that the tunnel works.
If you can ping 192.168.3.x from the VPN client, you have traffic passing through the tunnel in both directions. What is probably happening is that the ping request is blocked at the VPN client by a personal firewall or similar.
scott_1971 wrote: The tunnel opens on the client with IP 192.168.4.2/255.255.255.0; the client does not show a default gateway.
I believe this is normal, and I certainly wouldn't worry too much about it. The fact that you can reach another network (the 192.168.3.x one) indicates that the client knows how to get "off LAN", which is what the default gateway entry is used for.
In short, you haven't told us anything that suggests there is a problem. Is there something that is not working?
- scott_1971 (Novice): fordem, thanks for your timely response. I understand the tunnel is open and good, so here is my problem.
I need to use the FVS WAN side to access the internet through the tunnel. My WAN IP is static and on the "white list" of a customer. What firewall/security rules do I need to set on the FVS (and/or the tunnel client computer) to be able to access the internet through the FVS?
Really appreciate your help.
R/scott
- fordem (Mentor): Full tunneling is what you need to set up. With split tunneling, the traffic is split so that only the traffic for the LAN at the far end goes through the tunnel, and everything else goes to the internet at the VPN client location; with full tunneling, ALL the traffic is sent through the tunnel, so the internet can only be reached by going through the internet connection at the far end.
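The following is an added example, not code from this thread, from NETGEAR or from the ProSafe client. It models in Python what the split/full tunnel distinction above means in terms of IPsec traffic selectors: a destination is only encrypted into the tunnel if it matches a selector in the policy, so with the far-end LAN as the only selector the customer's site is reached over the client's own ISP link and sees that address rather than the office WAN address. The office LAN (192.168.3.0/24) and the client address (192.168.4.2) come from the thread; the WAN address, the client's own ISP address and the customer site are placeholders from the RFC 5737 documentation ranges. The `uncovered_selectors` check is a generic IPsec rule (the gateway will not accept a selector its own policy does not cover), not a description of an FVS318N setting.

```python
from ipaddress import ip_address, ip_network

# Constructed to match the thread: the client gets 192.168.4.2/24 and the office
# LAN behind the FVS318N is 192.168.3.0/24. The WAN address, the client's own
# ISP address and the whitelisted customer site are RFC 5737 placeholders.
OFFICE_LAN = ip_network("192.168.3.0/24")
FVS_WAN_IP = ip_address("198.51.100.7")      # static WAN IP on the whitelist
CLIENT_ISP_IP = ip_address("192.0.2.33")     # hotel/home public IP while travelling
CUSTOMER_SITE = ip_address("203.0.113.50")   # site that checks the whitelist

# Remote traffic selectors as configured on the client side of the policy.
SPLIT_TUNNEL = [OFFICE_LAN]                  # only the far-end LAN is tunneled
FULL_TUNNEL = [ip_network("0.0.0.0/0")]      # "any": every destination is tunneled


def matching_selector(selectors, dst):
    """IPsec policy lookup: the first selector containing dst, or None.
    dst may be a string or an address object."""
    dst = ip_address(str(dst))
    return next((net for net in selectors if dst in net), None)


def egress(selectors, dst):
    """'tunnel' if a packet to dst is encrypted towards the FVS318N,
    'local' if the client's own ISP link carries it in the clear."""
    return "tunnel" if matching_selector(selectors, dst) else "local"


def source_seen_by(selectors, dst, wan_ip=FVS_WAN_IP, isp_ip=CLIENT_ISP_IP):
    """Address the destination sees. Tunneled traffic leaves the office WAN
    port and has to be source-NATed there to the static WAN address (a
    192.168.4.x source is not routable on the internet); untunneled traffic
    carries the client's local public address, which is not on the whitelist."""
    return wan_ip if egress(selectors, dst) == "tunnel" else isp_ip


def uncovered_selectors(client_remote, gateway_local):
    """Client selectors that no selector in the gateway's policy contains.
    Setting the client to 'any' is not enough while the gateway end still
    lists only its LAN: 0.0.0.0/0 falls outside the gateway policy, so the
    internet-bound traffic cannot be negotiated into the tunnel. This is the
    'possibly at both ends' point made earlier in the thread."""
    return [c for c in client_remote
            if not any(c.subnet_of(g) for g in gateway_local)]


if __name__ == "__main__":
    for name, sel in (("split tunnel", SPLIT_TUNNEL), ("full tunnel", FULL_TUNNEL)):
        for dst in (ip_address("192.168.3.10"), CUSTOMER_SITE):
            print(f"{name:12} -> {str(dst):15} via {egress(sel, dst):6} "
                  f"seen as {source_seen_by(sel, dst)}")
    print("client 'any' vs gateway LAN-only, uncovered:",
          uncovered_selectors(FULL_TUNNEL, [OFFICE_LAN]))
```

Running the script prints, for each destination, whether the packet goes through the tunnel and which source address the far side sees; the last line shows that a client set to "any" against a gateway policy that still lists only 192.168.3.0/24 leaves 0.0.0.0/0 uncovered, which is the mismatch the later question about the FVS end of the policy is probing.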
- scott_1971 (Novice): I have full tunnel (disabled split tunnel) and am unable to access the internet service provided off the FVS.
- fordem (Mentor): Did you make any changes to the traffic selection policy at the FVS end?