Fvx538

@digitalbeachbum:

Check these link below and this may help you as reference guides:
http://kb.netgear.com/app/answers/detail/a_id/24245/related/1
http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

What FW version are you using now?

If you have successfully updated the FW to the latest version, the UI of the firewall should change (should have a yellow/purple banner).

When adding a new VPN connection using the wizard, you will be asked for a local and remote identifier. (ex. fvx_remote.com and fvx_local.com) you can actually change/modify the default one (take note of these identifiers). Once you applies the settings it should be good to go.

Now, on the client side - the new client software is different from the old ones .
Use the wizard as well.
configuration>wizard
choose "A router or VPN gateway"
enter the WAN IP of the FVS538
enter the PSK and the local network IP
the click Finish

You will see three tabs Authentication, Advanced and Certificate

click advanced

on the bottom part you will see Local and Remote ID
on the type of ID select DNS
on local ID: use the remote ID - fvx_remote.com
one remote ID: use the local ID - fvx_local.com

click apply and save

try opening the tunnel

Firmware Version (Primary): 3.0.5-28.4

Yeah, those instructions are what I did - basically the wizards on both sides then added the DNS Identifier fvx_remote and fvx_local

Let me try again and see if I missed any thing

Nhellie26 wrote:

What FW version are you using now? If you have successfully updated the FW to the latest version, the UI of the firewall should change (should have a yellow/purple banner). When adding a new VPN connection using the wizard, you will be asked for a local and remote identifier. (ex. fvx_remote.com and fvx_local.com) you can actually change/modify the default one (take note of these identifiers). Once you applies the settings it should be good to go. Now, on the client side - the new client software is different from the old ones . Use the wizard as well. configuration>wizard choose "A router or VPN gateway" enter the WAN IP of the FVS538 enter the PSK and the local network IP the click Finish You will see three tabs Authentication, Advanced and Certificate click advanced on the bottom part you will see Local and Remote ID on the type of ID select DNS on local ID: use the remote ID - fvx_remote.com one remote ID: use the local ID - fvx_local.com click apply and save try opening the tunnel

I am using a pre-shared key verses the RSA signature. Does this make a difference?

Nhellie26 wrote:

What FW version are you using now? If you have successfully updated the FW to the latest version, the UI of the firewall should change (should have a yellow/purple banner). When adding a new VPN connection using the wizard, you will be asked for a local and remote identifier. (ex. fvx_remote.com and fvx_local.com) you can actually change/modify the default one (take note of these identifiers). Once you applies the settings it should be good to go. Now, on the client side - the new client software is different from the old ones . Use the wizard as well. configuration>wizard choose "A router or VPN gateway" enter the WAN IP of the FVS538 enter the PSK and the local network IP the click Finish You will see three tabs Authentication, Advanced and Certificate click advanced on the bottom part you will see Local and Remote ID on the type of ID select DNS on local ID: use the remote ID - fvx_remote.com one remote ID: use the local ID - fvx_local.com click apply and save try opening the tunnel

Thank you. I'm looking through the info now.

Sasword wrote:
@digitalbeachbum: Check these link below and this may help you as reference guides: http://kb.netgear.com/app/answers/detail/a_id/24245/related/1 http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

2015 Jun 4 13:43:12 [FVX538] [IKE] no phase2 found for "fvx_client"_
2015 Jun 4 13:43:12 [FVX538] [IKE] IPSec configuration with identifer "fvx_client" deleted sucessfully_
2015 Jun 4 13:43:12 [FVX538] [IKE] no phase1 found for "fvx_client"_
2015 Jun 4 13:43:12 [FVX538] [IKE] IKE configuration with identifier "fvx_client" deleted sucessfully_
2015 Jun 4 13:43:35 [FVX538] [IKE] Adding IPSec configuration with identifier "fvx_client"_
2015 Jun 4 13:43:35 [FVX538] [IKE] Adding IKE configuration with identifer "fvx_client"_

take note of this one

on local ID: use the remote ID - fvx_remote.com
one remote ID: use the local ID - fvx_local.com

they should be on that order, local on remote and vise versa.

Yep. Still isn't working

Nhellie26 wrote:
take note of this one on local ID: use the remote ID - fvx_remote.com one remote ID: use the local ID - fvx_local.com they should be on that order, local on remote and vise versa.

There must be something blocking me.... I'm going to try turning off the Windows FW.... I would suspect that something would show up on the logs on the FW

@digitalbeachbum:

Is the LAN network configured on your FVX538 different from the the LAN network of the PC where the VPN Client software is installed?

It is recommended that the LAN network on the FVX538 should be different (for example: the FVX538 LAN has a network address of 192.168.1.0) from the PC where the VPN Client software is installed (for example: the PC has an IP address of 172.16.0.2). And of course, the PC should be outside the network of your FVX538.

I turned off my Windows FW on the client but that didn't work. Do I need to open a port on the FW? I didn't think I needed to, but the strange thing is that my client isn't connecting to the FW at all. I'm not seeing any attempt on the logs

I have the LAN network set to 192.168.1.x
I have my home network set to 192.168.0.x

Sasword wrote:

@digitalbeachbum: Is the LAN network configured on your FVX538 different from the the LAN network of the PC where the VPN Client software is installed? It is recommended that the LAN network on the FVX538 should be different (for example: the FVX538 LAN has a network address of 192.168.1.0) from the PC where the VPN Client software is installed (for example: the PC has an IP address of 172.16.0.2). And of course, the PC should be outside the network of your FVX538.