FVS336G and Bluecoat Filter/ IPSec
hmg21215 (Aspirant), Dec 08, 2011
We have a FVS336Gv2 router. We are setting up the Threatpulse web filter from Bluecoat. It can work with an IPSec tunnel to their site, which provides the filtering.
Their tech support helped me set up an IKE policy that connected to their site. Once we connected, however, our SBS 2011 server was no longer accessible from the internet. That means no SMTP on port 25 and no remote access, etc., on port 443. We looked for ways to just direct outbound ports 80 and 443, but didn't see a way to do it. Can policies be created for specific ports?
12 Replies
- adit (Mentor): Then the tunnel was set up wrong.
- hmg21215 (Aspirant): The Bluecoat tech person with whom I spoke only knew about Cisco and Juniper routers.
Could you point me in the direction as to how to set up the tunnel? We were able to get to the outside IP address; the only problem is that the incoming traffic on port 25 was no longer able to access our local router.
Thank you for your help and patience.
- jmizoguchi (Virtuoso): The tunnel does not touch any ports, so you have other settings in the router that are causing the issues.
- adit (Mentor): Post screenshots of the VPN setup.
- hmg21215 (Aspirant): I don't see the attachment arrow in any browser to allow me to upload the screenshots. But here is the summary:
VPN Policy:
General:
Policy name: Bluecoat
Policy Type: Auto Policy
Select Local Gateway: WAN 1
Remote Endpoint: IP address from Bluecoat
NetBIOS, rollover, Keepalive not enabled.
Traffic Selection:
Local IP: Subnet
Start IP Address: 192.168.0.0
Subnet Mask: 255.255.255.0
Remote IP: any
Manual Policy Parameters: Greyed out
Auto Policy Parameters:
SA Lifetime: 3600 Seconds
Encryption Algorithm: 3DES
Integrity Algorithm: SHA-1
PFS Key Group: DH Group 2 (1024 bit)
Select IKE Policy: Bluecoat
IKE Policy:
Mode Config Record? no
Policy Name: Bluecoat
Direction/type: Both
Exchange Mode: main
Local Gateway: WAN1
Identifier Type: Local Wan IP
Identifier: IP address from Comcast
Remote Identifier type: Remote WAN IP
Identifier: IP from Bluecoat
IKE SA Parameters:
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Authentication Method: Pre-shared Key
Pre-Shared Key
DH Group: Group 2 (1024 bit)
SA Lifetime: 28800
Enable Dead Peer Detection: No
XAuth Configuration: None
- jmizoguchi (Virtuoso): Use imageschack.us to post screenshots of BOTH sides.
- adit (Mentor): The Remote IP cannot be set to ANY. You need to specify the correct subnet. Otherwise all destination IPs other than yours will be directed across the tunnel, like the problem you have now.
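To illustrate adit's point, here is an added example (not from the thread or from NETGEAR) that models how an IPsec traffic selector decides whether a packet leaving the LAN goes into the tunnel or out the normal WAN/NAT path. The Bluecoat subnet, the SBS server address and the remote SMTP client address are constructed documentation-range values, not the real ones; only address selectors are modelled, matching the policy posted above.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnPolicy:
    """Traffic selector of one IPsec VPN policy (the FVS336G 'Traffic Selection' tab)."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def matches(self, src: str, dst: str) -> bool:
        # A packet enters the tunnel when its source is in the local selector
        # and its destination is in the remote selector.
        return (ipaddress.ip_address(src) in self.local
                and ipaddress.ip_address(dst) in self.remote)


def route_packet(policies, src, dst):
    """First matching policy wins; otherwise the packet takes the normal WAN/NAT path."""
    for policy in policies:
        if policy.matches(src, dst):
            return f"tunnel:{policy.name}"
    return "wan"


LAN = ipaddress.ip_network("192.168.0.0/24")      # Local IP: Subnet, as posted
BLUECOAT_NET = ipaddress.ip_network("198.51.100.0/24")  # constructed stand-in for Bluecoat's subnet
BLUECOAT_GW = "198.51.100.1"                      # constructed Bluecoat endpoint
SBS_SERVER = "192.168.0.10"                       # constructed address of the SBS 2011 box
SMTP_CLIENT = "203.0.113.5"                       # constructed internet host sending mail on port 25

# 'Remote IP: any' is equivalent to the selector 0.0.0.0/0.
AS_POSTED = [VpnPolicy("Bluecoat", LAN, ipaddress.ip_network("0.0.0.0/0"))]
# The fix from the thread: narrow the remote selector to the Bluecoat subnet.
CORRECTED = [VpnPolicy("Bluecoat", LAN, BLUECOAT_NET)]


def classify(policies):
    """Where the SBS server's outbound packets go under a given policy set."""
    return {
        "web_to_bluecoat": route_packet(policies, SBS_SERVER, BLUECOAT_GW),
        "smtp_reply_to_internet": route_packet(policies, SBS_SERVER, SMTP_CLIENT),
    }


if __name__ == "__main__":
    for label, policies in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, classify(policies))
```

With the posted selector the SBS server's reply to an internet SMTP client is swallowed by the tunnel, which is why port 25 and 443 stopped answering; with the narrowed selector only traffic destined for Bluecoat is tunnelled.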
- hmg21215 (Aspirant): Thank you, I will let them know.
I am very grateful for your help!
- jmizoguchi (Virtuoso): And on top of that... I would avoid 192.168.0.x IPs on the FVS if you are going to use more IPsec tunnels. Using common IP subnets (192.168.0.x, 192.168.1.x, 10.1.10.10, 10.0.0.x) should be avoided in the long run.