franck_martin2 (Aspirant)
May 29, 2013
IPSec VPN with SRX5308
Hi everyone,
I recently bought an SRX5308 firewall. I want to set up a Client to Gateway IPSec VPN with this device. I used the VPN Wizard to configure the Gateway and I installed the Netgear VPN Prosafe client on a Windows 7 computer. I can open the tunnel but I get two issues:
* When the tunnel is open, I can't go on the Internet (DNS fails)
* I can't ping any host in the remote LAN, even the VPN gateway.
I made some tests and I found that the client ping packets reach the LAN host I want to ping, the LAN host sends its reply to the gateway, but the gateway doesn't manage to send packets to the client.
What should I do to solve my problem?
Thanks for your help.
49 Replies
- franck_martin2 (Aspirant)
  These are the screenshots of my settings.
  VPN policy:
  IKE policy:
  Client parameters:
- franck_martin2 (Aspirant)
  I deleted ALL my configurations, static routes, ...
  I used the VPN Wizard to create a policy. I used two different subnets for VPN and LAN.
  I configured the Netgear VPN client. I can open the tunnel and go on the Internet while the tunnel is open. But when I type "ipconfig /all" on the remote client, I can see that the tunnel interface doesn't have any gateway. How can I set a gateway for the tunnel?
  Thanks for your help.
- jmizoguchi (Virtuoso)
  192. is private.. SHOW ...
  also show FQDN if you are not using dyndns alias
  Only public IP of last octet should be masked
- franck_martin2 (Aspirant)
  I found it's normal that the tunnel doesn't have any gateway. But my problem is I can't ping any remote host. I think the problem is VPN packets aren't routed to LAN. Am I right? How can I solve it?
- jmizoguchi (Virtuoso)
  192. is private.. SHOW ...
  also show FQDN if you are not using dyndns alias
  Only public IP of last octet should be masked
- franck_martin2 (Aspirant)
  Hi everyone,
  Here is my VPN configuration, for the gateway and for the client. There are no static routes.
  VPN policy:
  IKE Policy:
  Client parameters:
  I can open the tunnel, but I can't ping a LAN host. Where is the problem? Routing between VPN and LAN?
  Thanks for your help.
- jmizoguchi (Virtuoso)
  You cannot use the same LAN subnet on both sides
  Ex
  129.168.1.x and 192.168.50.x
- jmizoguchi (Virtuoso)
  SRX is 192.168.1.x ..
  What is the remote LAN subnet?
- franck_martin2 (Aspirant)
  The remote LAN subnet is 192.168.1.0/24. So it's different from the LAN one.
- jmizoguchi (Virtuoso)
  Won't work.
  It has to be different.
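A pre-flight check for the addressing rule given in the replies above, as an added example that is not part of the original thread: it takes the client's local subnet, the LAN behind the gateway and the client's tunnel address, and reports every overlap between them. The function name, the finding codes and all sample addresses other than the 192.168.1.x and 192.168.50.x ranges mentioned in the thread are constructed for illustration.

```python
import ipaddress


def tunnel_address_conflicts(client_lan, gateway_lan, client_vpn_ip):
    """Return (code, detail) findings for a client-to-gateway tunnel.

    client_lan:    subnet the VPN client machine sits on locally
    gateway_lan:   LAN behind the gateway that the tunnel should reach
    client_vpn_ip: virtual address the client uses inside the tunnel
    (Hypothetical helper; parameter names are assumptions of this example.)
    """
    # strict=False accepts an interface address such as 192.168.1.23/24.
    local = ipaddress.ip_network(client_lan, strict=False)
    remote = ipaddress.ip_network(gateway_lan, strict=False)
    vip = ipaddress.ip_address(client_vpn_ip)
    findings = []

    # Two CIDR blocks overlap only when one contains the other, so the
    # shared range is always the smaller of the two.
    if local.overlaps(remote):
        shared = local if local.subnet_of(remote) else remote
        findings.append((
            "LAN_OVERLAP",
            f"{shared} exists on both sides: the client already has an "
            "on-link route for addresses the tunnel is meant to carry",
        ))
    if vip in remote:
        findings.append((
            "VPN_IP_IN_GATEWAY_LAN",
            f"tunnel address {vip} falls inside the gateway LAN {remote}",
        ))
    if vip in local:
        findings.append((
            "VPN_IP_IN_CLIENT_LAN",
            f"tunnel address {vip} falls inside the client LAN {local}",
        ))
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: (client LAN, gateway LAN, tunnel address).
    samples = [
        ("192.168.50.0/24", "192.168.1.0/24", "192.168.100.10"),
        ("192.168.1.23/24", "192.168.1.0/24", "192.168.1.200"),
    ]
    for sample in samples:
        result = tunnel_address_conflicts(*sample)
        print(sample, "->", [code for code, _ in result] or "no conflicts")
```
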