Reply
Highlighted
Aspirant

Support for NAT-T on ADSL Routers

trying to set up a IPSEC VPN between 2 networks - DGND3700V2 at one end, Cisco Firewall at the other.  Cannot complete connection to Cisco, phase 1 is fine Phase 2 fails - Logs on DGDN are shown below -

2018-09-27 11:32:32 [=== Initiating PHASE 1 Main Mode (to 185.98.181.192) ===]
2018-09-27 11:32:32 ****** SENDING FIRST Main Mode PACKET (to 185.98.181.192) ******
2018-09-27 11:32:32 ****** RECEIVE PACKET PAYLOADS (SA,VID,VID)******
2018-09-27 11:32:32 ****** SENDING PACKET (to 185.98.181.192) ******
2018-09-27 11:32:32 ****** RECEIVE PACKET PAYLOADS (KE,NONCE)******
2018-09-27 11:32:32 ****** SENDING PACKET (to 185.98.181.192) ******
2018-09-27 11:32:32 ****** RECEIVE PACKET PAYLOADS (ID,HASH)******
2018-09-27 11:32:32 ****** SENDING NOTIFICATION (INVALID_ID_INFORMATION) ******

 

Cisco reports -

seems to be getting through ike phase 1...

ike 0:Cherry_Tree-VPN:31383: PSK authentication succeeded

ike 0:Cherry_Tree-VPN:31383: authentication OK

ike 0:Cherry_Tree-VPN:31383: established IKE SA d1c81605a2255509/f5a2cf20eb63445a

ike 0:Cherry_Tree-VPN: schedule auto-negotiate

ike 0:Cherry_Tree-VPN:31383: no pending Quick-Mode negotiations

Suggestion si might be that Netgear is not supporting the Nat'd address of the outehr to inner firewall - needs to allow NAT-T. ?

 

Any Ideas anyone ?

 

 

 

 

Model: DGND3700v2|N600 WIRELESS DUAL BAND GIGABIT ADSL2+ MODEM ROUTER
Message 1 of 2
Highlighted
Guru

Re: Support for NAT-T on ADSL Routers

All newer Netgear routers are supposed to support VPN passthrough.

 

There is some generic Troubleshooting VPN passthrough for home routers in the Netgear KB, however it does mention the DGND3700V2 does support a VPN Wizard, see the DGND3700v2 User Manual p.45 ff.

 

I agree, a generic "no brainer" support for NAT-T would be perfect.

 

 

Message 2 of 2
Top Contributors
Discussion stats
  • 1 reply
  • 691 views
  • 0 kudos
  • 2 in conversation
Announcements