FVS318N VPN Setup behind NAT Modem
Hello guys,
I'd like to use my FVS318N router (fw4.3.5-3) as a VPN Server to access my SOHO-LAN but given that it is behind a NAT Modem I couldn't yet. Which are the ports I have to forward on the NAT Modem to use Netgear IPSec or L2TP implementation on FVS318N?
Setup: Win10 with VPN Client -> NAT Router/Modem -> Internet -> NAT Modem -> FVS318N -> SOHO-LAN
Or the only way is to DMZ/Passthrough all ports on the NAT Modem as suggested on some posts below? I was trying to leave the NAT Modem as a first firewall for basic PortScan/DOS security (stop it or explode) and the FVS318N as the real Firewall, but if I DMZ the NAT Modem I would lose this "double security" exposing FVS318N to everything.
https://community.netgear.com/t5/VPN-Firewalls/FVS318N-Box-to-Box-VPN-with-NAT/m-p/1146416#M5652
https://community.netgear.com/t5/Wired-Routers/VPN-and-NAT/td-p/330922
Thanks in advance.
Re: FVS318N VPN Setup behind NAT Modem
Hi @LangusIII,
Welcome to the community! 🙂
Another option is, if ever the modem connected to the FVS318N is a modem-router combination, I suggest you set the modem-router to full-bridge mode so that it will become a modem-only device. This will make the WAN IP Address be registered to the FVS318N, which makes it the main router.
Refer to the image below as reference for the recommended network setup:
Regards,
DaneA
NETGEAR Community Team
Re: FVS318N VPN Setup behind NAT Modem
The proper ports/protocols needed for IPsec VPN to pass through a NAT device (such as your front line NAT modem) are:
UDP ports 500 and 4500
Protocol ESP (protocol number 50)
That said, I agree with DaneA's recommendation to just put the modem into DMZ mode (sometimes called "passthrough" or "bridge" mode) and run the FVS318N directly exposed. It's a firewall, it was designed to do exactly that. It will provide adequate security (at least until its internal software gets too old; Netgear end-of-lifed all the FVS VPN firewalls last month, so there will be no future security updates).
Doing this also avoids you being in what's called a "double NAT" situation, which can wreak havoc on performance and reliability for certain protocols. Not to mention, the 318N is almost certainly more powerful of a NAT engine than the modem.
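For checking a packet capture taken after forwarding UDP 500 and 4500 as listed in the reply above, this sketch (an added example, not part of the thread) classifies UDP payloads using the RFC 3948 layout on port 4500: IKE preceded by a four-zero-byte marker, ESP-in-UDP, or a one-byte NAT keepalive. The function names and sample payloads are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4          # RFC 3948: precedes IKE on UDP 4500
IKE_HDR_LEN = 28
IKE_VERSIONS = {0x10: "IKEv1", 0x20: "IKEv2"}

def ike_version(data):
    """Return 'IKEv1'/'IKEv2' if data starts with a plausible IKE header."""
    if len(data) < IKE_HDR_LEN:
        return None
    (length,) = struct.unpack("!I", data[24:28])
    if length < IKE_HDR_LEN:
        return None
    return IKE_VERSIONS.get(data[17])  # byte 17 = major/minor version

def classify(dst_port, payload):
    """Classify one UDP payload (hypothetical helper for this example)."""
    if dst_port == IKE_PORT:
        kind = ike_version(payload)
        return f"{kind} on UDP 500" if kind else "malformed"
    if dst_port != NATT_PORT:
        return "not IPsec"
    if payload == b"\xff":
        return "NAT-keepalive"
    if payload[:4] == NON_ESP_MARKER:
        kind = ike_version(payload[4:])
        return f"{kind} on UDP 4500 (NAT-T)" if kind else "malformed"
    if len(payload) >= 8:              # non-zero SPI + sequence number
        return "ESP-in-UDP, SPI 0x%08x" % struct.unpack("!I", payload[:4])
    return "malformed"

def sample_ike(version, exchange):
    # Constructed header: SPIs, next payload, version, exchange, flags, id, length
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                       1, version, exchange, 0, 0, IKE_HDR_LEN)

SAMPLES = [  # constructed payloads, not taken from a real capture
    (500, sample_ike(0x10, 2)),
    (4500, NON_ESP_MARKER + sample_ike(0x10, 2)),
    (4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
    (4500, b"\xff"),
    (4500, b"\x00" * 4),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(port, data))
```

Seeing IKE on UDP 500 but nothing on UDP 4500 in a capture behind the modem suggests the 4500 forward is missing, since both IKE and the encapsulated ESP traffic move to that port once NAT is detected.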
Re: FVS318N VPN Setup behind NAT Modem
I just want to follow-up on this. We’d greatly appreciate your feedback.
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team