Re: FVS336GV2 - Handling of VPN IPSec tunnel and DMZ
2014-10-05
02:16 AM
FVS336GV2 - Handling of VPN IPSec tunnel and DMZ
Hello all.
I have some problems with the handling of VPN and DMZ rules.
Here is my configuration
1 location A, with public IP AA.BB.CC.DD
Router NETGEAR FVS336GV2, Firmware 4.3.1.18
LAN 192.168.11.254
1 location B, with public IP WW.XX.YY.ZZ
Router NETGEAR FVS336GV2, Firmware 4.3.1.18
LAN 192.168.51.254
Between the 2 locations, we have a VPN IPSec tunnel which works fine and is very stable.
We want to set up a Wifi guest on each location, to give access to internet for our visitors. Direct Internet access, and isolated from our Network.
For that, we've enabled the DMZ port, with the following parameters:
Location A, DMZ IP 192.168.21.1, 255.255.255.0, DHCP on DMZ enabled 192.168.21.100 to 150
Location B, DMZ IP 192.168.61.1, 255.255.255.0, DHCP on DMZ enabled 192.168.61.100 to 150
And we've set the following DMZ WAN rules:
Outbound services: ANY, allow always, DMZ users: all, WAN users: all
Inbound services: ANY, allow always, DMZ server IP 192.168.21.1 (for site A) and 192.168.61.1 (for site B)
The problem is that, as soon as we enable the DMZ rules on one site, the VPN tunnel fails, and in order to have it available again, we need to disable the DMZ WAN rules and to reboot the router.
I'm sure I'm doing something wrong with the rules, but I don't know what.
Would be great if someone can help me.
Thanks in advance
Kind regards
Message 1 of 6
2014-10-05
07:00 AM
That is the way it is supposed to work.
You used the ANY Service in a Rule. ANY means everything.
You really want a router that supports VLANs.
Message 2 of 6
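What "ANY means everything" covers for the tunnel, as an added example that is not from any poster or from NETGEAR: a simplified model of service matching that flags inbound allow rules overlapping the traffic an IPsec gateway must receive itself (IKE on UDP 500, NAT-T on UDP 4500, ESP). The rule fields, the service table and the narrower rule set are assumptions; the thread does not say how the FVS336GV2 orders its rules internally.

```python
from dataclasses import dataclass

# Traffic an IPsec gateway must receive itself to keep a tunnel up
# (standard protocol numbers/ports, not values taken from the thread).
IPSEC_FLOWS = {
    "IKE": ("udp", 500),
    "NAT-T": ("udp", 4500),
    "ESP": ("esp", None),  # IP protocol 50, no ports
}

# Hypothetical service table; None means "ANY": every protocol and port.
SERVICES = {
    "ANY": None,
    "HTTP": {("tcp", 80)},
    "HTTPS": {("tcp", 443)},
}

@dataclass
class Rule:
    direction: str   # "inbound" or "outbound", relative to the WAN
    service: str     # key in SERVICES
    action: str      # "allow" or "block"
    forward_to: str  # DMZ server IP for inbound rules, "" otherwise

def matches(rule, proto, port):
    svc = SERVICES[rule.service]
    return svc is None or (proto, port) in svc

def shadowed_ipsec_flows(rules):
    """Return {rule index: [flow names]} for inbound allow rules that also
    match the IPsec traffic addressed to the gateway's WAN side."""
    hits = {}
    for i, r in enumerate(rules):
        if r.direction != "inbound" or r.action != "allow":
            continue
        names = [n for n, (p, port) in IPSEC_FLOWS.items() if matches(r, p, port)]
        if names:
            hits[i] = names
    return hits

# Site A rules as described in the first post, then a constructed narrower
# variant (the 192.168.21.10 host is hypothetical).
THREAD_RULES = [Rule("outbound", "ANY", "allow", ""),
                Rule("inbound", "ANY", "allow", "192.168.21.1")]
NARROW_RULES = [Rule("outbound", "ANY", "allow", ""),
                Rule("inbound", "HTTPS", "allow", "192.168.21.10")]

if __name__ == "__main__":
    print(shadowed_ipsec_flows(THREAD_RULES))
    print(shadowed_ipsec_flows(NARROW_RULES))
```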
2014-10-06
02:07 AM
Hello,
Where I was wrong is that, as it refers to "DMZ WAN" rules, I thought that it would have effect only on the DMZ port.
What I try to do is to have:
-- In ports 1, 2 and 3, access to my LAN, and also access to internet.
-- In port 4, only internet browsing, and no access to the LAN
-- And of course the VPN IPSec tunnel operational
Can you tell me how to do that, or if there is a tutorial somewhere which explains the solution for this topic?
Thanks a lot
Christophe.
Message 3 of 6
2014-10-06
05:22 AM
Remove the DMZ Rules.
Enable DMZ Port.
Message 4 of 6
2014-10-06
08:11 AM
OK Adit, I'll do that.
But I've set up these rules because, with only the DMZ port enabled, I was not able to browse internet from the Wifi access point.
I can connect on the access point, receive a LAN IP address from the router, I can ping the router from the DMZ LAN, but no access to internet.
And just after setting up these 2 rules, it was OK for the DMZ internet access.
Maybe I've done something wrong. I'll check that tomorrow evening and keep you updated.
Again thank you.
Kind regards
Message 5 of 6
2014-10-30
11:31 PM
Hi
It took longer than I expected to go back to this location and try what has been recommended by Adit.
DMZ enabled, DMZ rules enabled:
-- All internet browsing is OK from LAN or DMZ ports
-- VPN tunnel NOT working
DMZ enabled, DMZ rules disabled:
-- Internet browsing is OK from LAN
-- Internet browsing NOT OK from DMZ port
-- VPN tunnel is OK.
I'm totally lost.
Do you think I have to revert to the previous FW version?
Thanks for all ideas
Kind regards
Message 6 of 6