I'm trying to set up a box-to-box IPSec VPN tunnel between an office and branch location. The office location has an external static IP address so no problems there. However, the ISP servicing the branch provides a 192.168.X.X address to the FVS318N rather than an external (static or dynamic) IP address. The branch is effectively behind a virtual NAT device at the ISP. How can I set up a box-to-box VPN in this situation? Thanks for any assistance with this!
Model: FVS318N|ProSafe Wireless N 8 port gigabit VPN firewall
We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance. If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
I appreciate your passing along the link to the previous post. It does describe my situation but the answer wasn't quite what worked for me. In the post it talked about opening up the proper ports in the NAT'ed router however that wasn't possible in my case.
So I tried making the fixed IP router the responder and the NAT'ed router the initiator. I pointed the remote endpoint of the VPN policy in the NAT'ed router to the fixed IP of the other router. And I entered the external IP address of the NAT'ed router as the remote endpoint of the VPN policy of the fixed router. This seems to have done the trick because the NAT'ed router successfully initiates a tunnel with the fixed router. The only limitation is that the fixed router cannot likewise initiate a tunnel to the remote router because it is behind the NAT and I have no way of opening the proper ports.
I appreciate your feedback. I'm not sure if this will help since the FVS318N needs to be the main router. On the virtual NAT device at the ISP, is it possible to configure a DMZ (Demilitarized Zone) port? If yes, you may try to connect the FVS318N to the DMZ port of the virtual NAT device at the ISP.
