fred339
Dec 02, 2016 Tutor
Allow VPN connections
I am trying to set up a WNR1500 to allow VPN connections. I need to OPEN ports, 443, 500, etc. to the entire LAN subnet. It appears that all of the settings for Blocking Services, UPNP, DMZ are...
StephenB
Jan 06, 2017 Guru - Experienced User
fred339 wrote:
1. ...I should think that such an arrangement would work with no firewall tweaking because they have to work in coffee shops, no?
We agree. Also, the normal NAT processes you outlined earlier will work in this case.
fred339 wrote:
2. If there is a VPN device brought into our facility's guest network (for site-to-site VPN) then, since our firewall intercedes upstream of it, are there requirements on our router firewall rules that will allow this to work?
I guess this depends on the nature of the device. The VPN site-to-site device in my home office (Aruba) would work fine. It makes an outbound connection to the corporate infrastructure, and client devices using it need to connect to the Aruba over wifi or ethernet. More than one of these gadgets should work fine in your hypothetical.
If the device has to accept an inbound connection from the far end, then of course your reasoning is perfectly correct.
fred339
Jan 06, 2017 Tutor
Well, when the VPN device is also the network gateway then it's easy. But when the VPN device is behind a firewall then I've always had to open ports. I've never thought about which end point is "sending" as they appear to be symmetrical.
- StephenB Jan 08, 2017 Guru - Experienced User
fred339 wrote:
Well, when the VPN device is also the network gateway then it's easy. But when the VPN device is behind a firewall then I've always had to open ports. I've never thought about which end point is "sending" as they appear to be symmetrical.
The only hardware VPN device I have experience with is the Aruba, which doesn't need any ports opened.
OpenVPN is enabled on my R8500 (which is behind my ISP router), and of course I do need to open ports in the ISP router for it.
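
The two cases discussed in this thread (a VPN device that dials out versus one that must accept a connection from the far end), as an added illustration that is not part of any post above: a toy model of a stateful NAT router in Python. The class and function names, the documentation-range addresses, the use of UDP port 500 and the endpoint-dependent filtering are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy stateful NAT/firewall (hypothetical model, not any vendor's logic)."""
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # (proto, wan_port, remote) -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends first: allocate a WAN port and remember the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port, (remote_ip, remote_port))] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side: return the LAN target, or None if dropped."""
        hit = self.sessions.get((proto, wan_port, (remote_ip, remote_port)))
        if hit:
            return hit  # reply to a flow the LAN side started
        # Unsolicited traffic passes only if a port has been opened for it.
        return self.forwards.get((proto, wan_port))

def demo():
    """Run the thread's scenarios on constructed addresses and return the outcomes."""
    router = NatRouter("203.0.113.10")
    vpn_box = ("192.168.1.50", 500)   # constructed LAN address of the VPN device
    far_end = ("198.51.100.7", 500)   # constructed address of the remote VPN endpoint
    out = {}
    # Case 1: the VPN device dials out; the far end's reply needs no opened port.
    port = router.outbound("udp", *vpn_box, *far_end)
    out["reply_to_outbound"] = router.inbound("udp", *far_end, port)
    # Case 2: the far end initiates; with no rule the packet is dropped.
    out["unsolicited_no_rule"] = router.inbound("udp", *far_end, 500)
    # Case 3: the same packet after UDP 500 is forwarded to the VPN device.
    router.forwards[("udp", 500)] = vpn_box
    out["unsolicited_with_rule"] = router.inbound("udp", *far_end, 500)
    # A different remote host cannot reuse the mapping created in case 1.
    out["other_remote"] = router.inbound("udp", "198.51.100.99", 500, port)
    return out

if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name}: {target}")
```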