bzness
Oct 01, 2017 | Aspirant
VPN between 2 netgear routers keeps dropping
I have 2 networks that are connected with a VPN tunnel through 2 Netgear firewalls. One is an FVS318G (firmware 3.3.3-18), the other one is an SRX(something, can't check right now) 4-WAN box. The s...
DaneA
Oct 02, 2017 | NETGEAR Employee Retired
Hi bzness,
Kindly try to change the SA Lifetime. Let me share these old forum links below that might help as reference:
SA Lifetime Guidelines for VPN Setup
If ever it does not help, delete the existing IKE and VPN policies. Then, use the VPN Wizard to set up a box-to-box VPN between the FVS318G and SRX5308. Refer to the link below as reference guide:
Configuring a Box to Box VPN on ProSAFE/ProSECURE routers using the VPN Wizard
Regards,
DaneA
NETGEAR Community Team
- bzness | Oct 04, 2017 | Aspirant
Thanks.
I will check out the SA lifetimes and if that doesn't work, try to delete and set up the VPN again.
Right now it seems the VPN is stable (after I played around with the IP segments in the VPN setup). They are both set to 192.168.x.0, with the selection set to "segment".
The weird thing is that the VPN is established, but I have access to the resources at site A from site B, but not the other way around. Perhaps I need to reboot both routers ???
- bzness | Oct 04, 2017 | Aspirant
Ok, so I think I have found a solution and also another problem :-(
First the solution: I followed DaneA's advice, deleted the VPN policies and set them up again with the Wizard. Worked, but every time, after a while the connection would drop. I looked at the VPN logs, and I think I know what is going on, but not sure what the solution is.
In order to have control of both routers at the same time (I can't be in two locations at the same time), I decided to log into one of the routers through my iPhone (L2TP). I then went to the other site and did the wizard thing there as well.
The VPN connection was established ... and then dropped after a few minutes. In the VPN log I saw this time that another VPN channel was established (not the one between the two routers). And since I was the only one on the system, that would have to be the VPN connection to my cell phone (iPhone).
It therefore seems that the VPN tunnel between the 2 routers is stable until my iPhone breaks it. Is that possible? Can the router not maintain 2 different VPN tunnels at the same time? Why would the 2 tunnels interfere?
The reason why I have the iPhone VPN in the first place is that when I am on the road I want to be able to tether my laptop to my iPhone and get access to the network (if I am not in WiFi range). That used to work fine until Apple in their infinite wisdom dropped PPTP, and will not even let a device use the iPhone to use PPTP. The only option seems to be L2TP, which then breaks my box-to-box VPN.
Any solutions for this?
- DaneA | Oct 05, 2017 | NETGEAR Employee Retired
I believe you are referring to the SRX5308 having both box-to-box IPSec VPN with the FVS318G and L2TP VPN on your iPhone at the same time. The SRX5308 should be able to handle both VPN connections. Both VPN connections are dependent on the subscribed bandwidth with your ISP.
Kindly check this. The network address of both LANs of the SRX5308 and FVS318G should be different to each other. For example, if the LAN network address of the SRX5308 is 192.168.1.0, the LAN network address of the FVS318G should be 192.168.9.0 or 10.10.10.0. Also, the starting/ending IP address configured on the L2TP server of the SRX5308 should be different to the LAN IP address of both LANs of the SRX5308 and FVS318G.
Regards,
DaneA
NETGEAR Community Team
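The address-plan check described in the reply above, as an added example that is not part of the original thread or any NETGEAR tooling: it tests the two LAN subnets and the L2TP start/end pool for overlap. The /24 masks and the 192.168.20.x pool are assumed values; the 192.168.1.0 and 192.168.9.0 LANs are the ones used as an example in the reply.

```python
import ipaddress
from itertools import combinations


def pool_networks(start, end):
    """Expand an inclusive start/end address pool into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))


def build_plan(srx_lan, fvs_lan, l2tp_start, l2tp_end):
    """Collect the three address spaces that must stay disjoint.

    strict=False accepts a host address such as 192.168.1.1/24 and
    normalises it to its network (192.168.1.0/24).
    """
    return {
        "SRX5308 LAN": [ipaddress.ip_network(srx_lan, strict=False)],
        "FVS318G LAN": [ipaddress.ip_network(fvs_lan, strict=False)],
        "L2TP pool": pool_networks(l2tp_start, l2tp_end),
    }


def find_conflicts(plan):
    """Return sorted (name_a, name_b) pairs whose address space overlaps."""
    conflicts = []
    for (name_a, nets_a), (name_b, nets_b) in combinations(plan.items(), 2):
        if any(a.overlaps(b) for a in nets_a for b in nets_b):
            conflicts.append(tuple(sorted((name_a, name_b))))
    return sorted(conflicts)


# Constructed sample plans (assumed /24 masks, assumed pool addresses).
SEPARATE_POOL = build_plan("192.168.1.0/24", "192.168.9.0/24",
                           "192.168.20.100", "192.168.20.120")
POOL_INSIDE_LAN = build_plan("192.168.1.0/24", "192.168.9.0/24",
                             "192.168.1.100", "192.168.1.120")
SAME_LANS = build_plan("192.168.1.1/24", "192.168.1.0/24",
                       "192.168.20.100", "192.168.20.120")

if __name__ == "__main__":
    for label, plan in (("separate pool", SEPARATE_POOL),
                        ("pool inside SRX5308 LAN", POOL_INSIDE_LAN),
                        ("identical LANs", SAME_LANS)):
        print(f"{label}: {find_conflicts(plan) or 'no overlap'}")
```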
- bzness | Oct 05, 2017 | Aspirant
Hello DaneA,
You are correct, the device that needs to support is an SRX5308, and from what I read, it should be able to support 2 VPN tunnels. While I had my iPhone connected yesterday, the VPN tunnel kept crashing. Since I disconnected my iPhone, the other VPN tunnel has been rock solid (thanks for the suggestion with the Wizard). (I am still confused about the IP addresses in the VPN Wizard. The instructions seem to indicate that the "subnet" should be specified with a "starting IP address" of x.x.x.0. I could not get that to work. Only when I entered x.x.x.1 for both subnets did I get a connection).
The internal subnets for the two Netgear boxes have different IP sections 192.168.A.x and 192.168.B.x. The L2TP server is enabled and has a third section (from 192.168.C.100 to 192.168.C.120). The rest of the VPN channels was set up exactly as described in a document I found here for iPhone setups.
What I do see is that in the VPN policy the "local IP" is defined with the "A" subnet, not the "C" subnet. (the "remote IP" is set to "Any"). Is that correct?
Thanks.