franck_martin2 (Aspirant)
May 29, 2013
IPSec VPN with SRX5308
Hi everyone,
I recently bought an SRX5308 firewall. I want to set up a Client to Gateway IPSec VPN with this device. I used the VPN Wizard to configure the Gateway and I installed the Netgear VPN Prosafe client on a Windows 7 computer. I can open the tunnel but I get two issues:
* When the tunnel is open, I can't go on the Internet (DNS fails)
* I can't ping any host in the remote LAN, even the VPN gateway.
I made some tests and I found that the client ping packets reach the LAN host I want to ping, the LAN host sends its reply to the gateway, but the gateway doesn't manage to send packets to the client.
What should I do to solve my problem?
Thanks for your help.
49 Replies
- franck_martin2 (Aspirant): If I change the local LAN subnet to 172.16.1.0 /24, will it work?
- jmizoguchi (Virtuoso): Yes..........
- franck_martin2 (Aspirant): Hi everyone,
I changed my LAN IP. Now my subnet IPs are:
LAN IP: 172.16.1.0 /24
VPN IP: 172.16.2.0 /24
Remote LAN IP: 192.168.1.0 /24
I can open the tunnel, but the client can't ping a LAN host. Where is the problem?
- franck_martin2 (Aspirant): I missed: the SRX5308 WAN ports are in another subnet: 192.168.1.240 /28.
- jmizoguchi (Virtuoso): You need public WAN or broadband is transparent bridge
At basics
WAN has to have 2 public ip
2x of LAN subnet has to be different
Ex. 192.168.60.x/255.255.255.0, 192.168.70.x/255.255.255.0
Modeconfig also must be different from primary LAN subnet
If you SRXN behind existing router then you will have probable
- franck_martin2 (Aspirant): My ISP box doesn't have a bridge mode. All I can do is to put the SRX5308 into the ISP box's DMZ, which lets all packets reach the SRX5308 without filtering. So, I can't have a public IP address for the SRX5308 WAN ports.
Then, I tried to ping the remote LAN but it doesn't work.
- jmizoguchi (Virtuoso): will not work.
You have too many IP 192.168.1.240 /28 Remote LAN IP: 192.168.1.0 /24
this will NOT work. remote needs different even modeconfig used
http://vpncasestudy.com/casestudy/FVX538/v1649/casestudy.html
ProSafe FVS318v24 using FVX538 behind Router (Static IP and Dynamic IP)
FVX538 <->FVS318FVS318V24
Give you an idea how it should setup
- franck_martin2 (Aspirant): I tried to download the file on the link you gave me, but when I click on it, the website asks me for a login and a password. Is it possible to access the document without a login or password?
- jmizoguchi (Virtuoso): you don't ask here
- franck_martin2 (Aspirant): I sent an e-mail to the website and I got a login and a password. I downloaded the pdf file and I read it. The network configuration is the same as mine, but the first router is replaced by my ISP box/router. The 192.168.1.240 /28 subnet is only for connecting the ISP box to the SRX5308 WAN port.
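Added example, not part of any post in this thread and not NETGEAR code: a pre-deployment check that every subnet in a client-to-gateway VPN address plan is distinct, run over the addresses posted above. The plan labels, the function name `find_overlaps` and the revised plan (which reuses the 192.168.60.x/255.255.255.0 range quoted in a reply) are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Address plan exactly as posted in the thread.
POSTED_PLAN = {
    "LAN": "172.16.1.0/24",
    "VPN": "172.16.2.0/24",
    "Remote LAN": "192.168.1.0/24",
    "WAN": "192.168.1.240/28",
}

# Constructed variant: Remote LAN moved to the 192.168.60.x/255.255.255.0
# example range from the reply (dotted netmasks are accepted as well).
REVISED_PLAN = dict(POSTED_PLAN, **{"Remote LAN": "192.168.60.0/255.255.255.0"})


def find_overlaps(plan):
    """Return (outer, inner) name pairs for every two subnets that overlap."""
    # ip_network() raises ValueError if host bits are set, catching typos early.
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(nets.items(), 2):
        if not net_a.overlaps(net_b):
            continue
        # Two CIDR blocks that overlap are always nested (or identical),
        # so report the wider block first.
        if net_a.prefixlen <= net_b.prefixlen:
            conflicts.append((name_a, name_b))
        else:
            conflicts.append((name_b, name_a))
    return conflicts


if __name__ == "__main__":
    for label, plan in (("posted", POSTED_PLAN), ("revised", REVISED_PLAN)):
        found = find_overlaps(plan)
        print(label, "plan:", found if found else "no overlapping subnets")
```
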