Site to site iPSec VPN with two BR500 VPN router

SCCHANG
Tutor

Need help! We're an elementary non-profit school with 2 small campuses. We have been using a Netgear SRX5308 router in one campus and a Netgear BR500 router on the other campus. It has been running fine for the last 3 years+ with an IPSec VPN. We recently had problems with the SRX5308 and replaced it with a used BR500. Although we set up the replacement BR500 with the same settings as the other one, it would not establish the VPN. We checked and tried the following already without any success:

1) Firmware on both routers is the same at V5.10.0.5.

2) We had slightly customized Phase 1 and 2 VPN parameter settings but changed them to the default ones per the Netgear user manual.

3) We tried each combination of Initiator and Responder for the two sites.

4) Both routers are behind a Comcast modem/router, and we tried opening the firewall completely.

We would appreciate any suggestions on what we may have missed.

 

Thank you in advance for the help!

 

Sun

Message 1 of 8

Accepted Solutions
Message 5 of 8

All Replies
DaneA
NETGEAR Employee Retired

Re: Site to site iPSec VPN with two BR500 VPN router

@SCCHANG,

 

Kindly check the article below and use it as your guide:

 

How do I set up a site-to-site IPSec VPN on my NETGEAR BR500 Business Router?

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 8
SCCHANG
Tutor

Re: Site to site iPSec VPN with two BR500 VPN router

DaneA,

I read through the entire Netgear BR500 IPSec VPN setup section of the manual and also looked at the KB article you suggested. Everything matched between the two BR500 routers, and I double-checked a few times already to make sure I didn't miss anything. The BR500 IPSec settings that previously worked with the Netgear SRX 5308 router, which I copied to the second BR500, should then have worked, but they didn't. Changing to the default IPSec VPN settings suggested by the manual, which are basically the same as in the KB article, still did not work...

Did anyone have a similar experience or have two BR500s working site to site in an IPSec VPN connection? I would appreciate you sharing with me what you have/configured to get it working.

 

Thank you for the help.

 

Sun

Message 3 of 8
SCCHANG
Tutor

Re: Site to site iPSec VPN with two BR500 VPN router

Hi DaneA,

You replied back to me before about my problem. At about the same time, I received a reply message from another Netgear support admin which I overlooked. I thought about it a few days ago (I'm travelling and currently out of the country now.) as the message came with a link to Version 5.6.... firmware without any other information. At that time I didn't think more about it as I have been running Ver 5.10.... firmware already. Is it possible that I should download an older version firmware to make the site to site iPSec VPN work? I searched on the Netgear community site and also in my email account, but could not locate that message again. Could you please help to confirm that:

1. Should I download the older version firmware?

2. What version is it? I can only remember it is ver 5.6... but don't know the exact version.

3. Would there be any problem if I replace the latest firmware with an older firmware?

Thank you in advance for your help.

Sun

 

 

Message 4 of 8
DaneA
NETGEAR Employee Retired

Re: Site to site iPSec VPN with two BR500 VPN router

@SCCHANG,

 

You may want to downgrade the firmware to an earlier version in order to isolate the problem. Just be reminded that after downgrading, the firmware will not have the enhancements and bug fixes of the later (or latest) firmware version.

 

You can check the older BR500 firmware version here.


In case you are not yet aware, as this might be related to the VPN issue you encountered, let me share the article below:


Security Advisory for Multiple Security Vulnerabilities on BR200 and BR500, PSV-2021-0286

 


Regards,

 

DaneA

NETGEAR Community Team

Message 5 of 8
SCCHANG
Tutor

Re: Site to site iPSec VPN with two BR500 VPN router

Hi,

 

Our school is still in winter break and I have not been able to try downgrading the BR500 firmware. I read a little about the Insight cloud service and wonder whether we're better off using it for our site-to-site VPN. I have questions after reading a bit about Insight online for our site-to-site VPN connection:

1. It says cost is $9.99 per year for one device, that means for our two sites with 2 BR500, it costs $19.98 per year, am I correct?

2. Do we need to have both BR500 running the latest firmware which is V 5.10.0.5? (Before I try to download their firmware...)

3. Any limitation with using Insight instead of direct VPN between 2 sites with BR500?

4. What is the experience of disconnect or up time (e.g. 95% up time or better...)?

5. Any link you could provide in setting up Insight quickly with the proper steps?

 

Thank you,

 

Sun

Message 6 of 8
DaneA
NETGEAR Employee Retired

Re: Site to site iPSec VPN with two BR500 VPN router

@SCCHANG,

 

For me, I wouldn't recommend using NETGEAR Insight with your BR500 because the BR500 is already EoL (End-of-Life), which means it is not being manufactured anymore and no new firmware will be released for it. Also be aware of its multiple security vulnerabilities. The BR500 will not be able to handle any updates or fixes in NETGEAR Insight because of its EoL status.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 8
SCCHANG
Tutor

Re: Site to site iPSec VPN with two BR500 VPN router

Hi DaneA,


I downgraded both BR500 routers' firmware from 5.10.0.5 to 5.6.0.2 (the version I know site-to-site IPSec VPN worked with between the BR500 and SRX5308) without any configuration changes (neither router nor VPN configuration), and the site-to-site VPN started running without any issues. Hope this confirmation helps others who ran into site-to-site IPSec VPN connection problems.

 

Thanks for suggesting the firmware downgrade to troubleshoot the issue.

 

Sun

Message 8 of 8