NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
IPSec VPN with SRX5308
Hi everyone,
I bought recently a SRX5308 firewall. I want to achieve a Client to Gateway IPSec VPN with this device. I used the VPN Wizard to configure the Gateway and I installed the Netgear VPN Prosafe client on a Windows 7 computer. I can open the tunnel but I get two issues :
* When the tunnel is open, I can't go on Internet (DNS fails)
* I can't ping any host in the remote LAN, even the VPN gateway.
I made some tests and I found that the client ping packets reach the LAN host I want to ping, the LAN host send its reply to gateway, but gateway doesn't arrive to send packets to the client.
What should I do to solve my problem ?
Thanks for your help.
I bought recently a SRX5308 firewall. I want to achieve a Client to Gateway IPSec VPN with this device. I used the VPN Wizard to configure the Gateway and I installed the Netgear VPN Prosafe client on a Windows 7 computer. I can open the tunnel but I get two issues :
* When the tunnel is open, I can't go on Internet (DNS fails)
* I can't ping any host in the remote LAN, even the VPN gateway.
I made some tests and I found that the client ping packets reach the LAN host I want to ping, the LAN host send its reply to gateway, but gateway doesn't arrive to send packets to the client.
What should I do to solve my problem ?
Thanks for your help.
49 Replies
- remote is still 192.168.1.x that would be still an issues.
look the pdf.
there is not duplicated IP's - I made a try with 172.16.3.0 /28 to replace the 192.168.1.240 /28. But the VPN doesn't work. I only can open the tunnel.
- delete all policy on router and client and Re-do it
re-editing will continue to fails. - I deleted all configuration and I re did it.
I used the following subnets:
LAN: 172.16.1.0 /24
Remote LAN: 192.168.1.0 /24
VPN: 172.16.2.0 /24
WAN subnet (ISP box to SRX5308): 172.16.3.0 /24
But nothing happend. I always can open the tunnel, but I can't access the LAN. - You need a public IP on the WAN of the SRX5308.
- Would be the best I agree
adit wrote: You need a public IP on the WAN of the SRX5308.
I know, but I have an ISP box between Internet and the SRX5308 and it doesn't have a bridge mode.- You need to fix that..
- Hello everyone
I didn't solve my problem. I can't have a public IP address on my SRX5308 WAN port (my ISP box doesn't have a bridge mode).
But thank you for your help.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
