bigangst
Mar 17, 2016 (Follower)
Having trouble connecting netgear fvs318 vpn firewall to at&t u-verse NVG510 modem
We've been running this vpn firewall for several years as a VPN over 3 locations and a basic dsl connection. It's been running great, no problems. We just had AT&T u-verse installed. The modem they i...
Danthem
Aug 17, 2016 (NETGEAR Employee Retired)
Hey SamirD,
This is usually caused by one of two things:
1) ISP - call your ISP and explain that it seems like some VPN traffic is not passing through. VPN tunnel establishes but does not pass traffic.
2) Firewall rules - In some cases I've seen weird firewall rules cause issues like this, make sure you do not have any strange ANY service inbound rules. Try disabling all of your inbound firewall rules temporarily and see if it solves it.
Also make sure you are on the latest firmware. What you can do as well is packet captures, on the diagnostics page of your FVS318N there is a "Packet trace" button, while pinging from site A -> site B do a packet capture on the WAN side of site B. You should see ESP packets come in and a response going out. If that is the case, do another capture on site A's WAN side where you should see ESP going out and coming in.
By going through with those two captures you should be able to figure out on which side the issue is / where the traffic is being blocked.
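The two-capture check described in the reply above, as an added example that is not part of the original thread and is not NETGEAR code: it counts ESP (IP protocol 50) packets entering and leaving a site's WAN address in a capture. It assumes the capture is a classic libpcap file with an Ethernet link type; the IP addresses and the sample capture are constructed.

```python
import socket
import struct

ESP = 50  # IP protocol number for IPsec ESP

def build_pcap(packets):
    """Constructed sample: wrap (src, dst, proto) tuples in a classic pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, proto in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 8
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def esp_directions(pcap_bytes, wan_ip):
    """Count ESP packets arriving at and leaving wan_ip (NAT-T not counted)."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    counts = {"esp_in": 0, "esp_out": 0}
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != ESP:
            continue  # not IPv4 carrying ESP
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if dst == wan_ip:
            counts["esp_in"] += 1
        elif src == wan_ip:
            counts["esp_out"] += 1
    return counts

def diagnose(counts):
    """Apply the two-capture reasoning to one site's WAN capture."""
    if counts["esp_in"] == 0:
        return "no ESP arrives here: blocked before this WAN"
    if counts["esp_out"] == 0:
        return "ESP arrives but no reply leaves: check this site"
    return "ESP in and out here: capture the other site's WAN"

# Constructed capture at site B (203.0.113.20); site A is 198.51.100.10.
SAMPLE = build_pcap([("198.51.100.10", "203.0.113.20", ESP)] * 3
                    + [("203.0.113.20", "198.51.100.10", 17)])
print(diagnose(esp_directions(SAMPLE, "203.0.113.20")))
```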
SamirD
Aug 17, 2016 (Prodigy)
Thank you for the quick reply.
AT&T is absolutely the worst support I've ever seen among any ISP. To say they suck is being very, very nice.
In my research online, it seems either one of these two scenarios is true--it will work with a static IP or it will not work at all because the AT&T router will not pass GRE packets, period.
As far as firewall rules, the fvs318n was simply moved from another location where the tunnels were up fine. Nothing has been changed except the IP address (because of the isp change) and the other endpoints connected immediately once the IP was updated. It's just that no traffic will pass. So either something is still firewalling on the AT&T, or that the AT&T won't actually pass GRE packets.
I tried a packet trace from my end, but it was just garbage when I tried to open it. But that doesn't matter as I know it has to be on this end. Both other endpoints connect fine to each other (mesh) and one of them is another fvs and the other is the watchguard so that covers all the other possibilities.
- Danthem, Aug 17, 2016 (NETGEAR Employee Retired)
hehe yeah, ISP support in general is not always the most fun to deal with.. I'd call them and explain the situation and ask for a modem that supports true bridge mode, usually they come around if you're just very persistent :) Although I have never dealt with your particular ISP myself.
Anyways, issue seems to be ISP related in this case I'm afraid - so not much more to do than; convince ISP to allow true bridge or change ISP :/
- SamirD, Aug 18, 2016 (Prodigy)
AT&T uverse doesn't have a bridge mode at all. And there's a slim and none chance that they'll give the older equipment that actually worked correctly with this type of setup.
I've ordered a block of static IPs. If that doesn't do the trick, I guess I'll need a second cable connection just for the vpn.
- SamirD, Sep 11, 2016 (Prodigy)
To help anyone else that runs into this issue with the 5268--a static IP solved the issue.