chrbus
Jan 26, 2017 (Aspirant)
Netgear SRX5308 Site to Site VPN with Fritzbox 7490
Hello everybody.
I am new here and I am also interested in connecting our SRX5308 with a Fritzbox 7490.
However, it is really difficult to find information about what a configuration file of the Netgear for a Fritzbox looks like.
Is there any sample config file which I could fit to our business network?
Hope the question is not wrong or stupid.
Some details:
NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308
Firmware Version: 4.3.4-1
AVM Fritzbox 7490
Firmware Version: 6.80
Best Regards and Thanks!
Chris
2 Replies
- externaluse (Aspirant)
Hi Chris
This is a bit difficult to answer without a little more detail on your part. I assume that you are comfortable with IPs, VPN basics and the like.
The problem with AVM (the Fritz Box) is how they name particular options - just google e.g. "phase2ss" and you get a multitude of options but with little description of what they use. This is what I got to work, using a remote site (Site B) with a Fritz Box 7490 (OS 6.80) behind a dynamic IP and an SRX5308 (4.3.4-2) with a static IP (Site A) as the other end.
For the Fritz Setup you will have to create a configuration file and import the configuration.
Here's my configuration file for Site B:
vpncfg {
        connections {
                enabled = yes;
                editable = yes;
                conn_type = conntype_lan;
                name = "YOURCONNECTIONNAME";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "THEHOSTNAMEOFSITEA";
                localid {
                        fqdn = "SITEBHOSTNAME_EG_DYNDNS";
                }
                remoteid {
                        fqdn = "SITEA_HOSTNAME";
                }
                mode = phase1_mode_aggressive; // never got mode main to work here
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "PRESHAREDKEY";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.178.0; // YOUR SITE B IP NET
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 10.0.0.0; // YOUR SITE A IP NET
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs"; // TONS OF SETTINGS POSSIBLE, but this is the only one without compression I could find and got bored trying other combinations
                accesslist = "permit ip any 10.0.0.0 255.255.255.0", "permit ip any 192.168.72.0 255.255.255.0"; // YOUR Accesslist on Site A. Here the main Network and a VLAN on the SRX
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Now to the SRX's end of the business.
You'll need a VPN policy for each of the networks in the above access list, such as the VLANs. With the exception of the Traffic Selection all settings can stay the same.
My VPN policy for the Main network 10.0.0.0/24 looks like this:
Remote Endpoint: (Dyn)DNS name of the Fritzbox
Enable Netbios yes
No Keepalive
Traffic Selection:
    Subnets obviously
Auto Policy Parameters:
    SA Lifetime 3600
    Encryption 3DES
    Integrity SHA-1
    PFS DH Group 2
IKE Policy
    General:
        Direction Both
        Exchange Mode Aggressive
        Local Gateway WANx
        Identifier FQDN - must match SITEA_HOSTNAME above
    Remote:
        Identifier FQDN - must match SITEBHOSTNAME_EG_DYNDNS
    IKE SA
        Encryption 3DES
        Authentication SHA-1
        Pre-Shared Key - must match PRESHAREDKEY above
        DH Group 2
        SA Lifetime 3600
        No Dead Peer Detection
That's it. Let me know how you get on. If it doesn't work, don't forget the logs on the SRX, a bit more about your level of knowledge, and your starting setup.
Good luck. The Fritz Box is not a professional VPN device, they must have included that as an afterthought...
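The "must match" relations in the reply above can be checked mechanically before importing the file. The following is an added example, not part of the original post and not vendor tooling: it parses a Fritz!Box vpncfg file and compares it with a hand-typed record of the SRX settings. The `SRX` dictionary, its field names and the helper names `parse_vpncfg` and `check` are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the Site B file, using the post's placeholders.
FRITZ_CFG = """
vpncfg {
    connections {
        localid { fqdn = "SITEBHOSTNAME_EG_DYNDNS"; }
        remoteid { fqdn = "SITEA_HOSTNAME"; }
        mode = phase1_mode_aggressive; // comments are dropped by the parser
        key = "PRESHAREDKEY";
        accesslist = "permit ip any 10.0.0.0 255.255.255.0",
                     "permit ip any 192.168.72.0 255.255.255.0";
    }
}
"""
# Hypothetical record of the SRX side, typed in by hand from its web UI.
SRX = {"local_id": "SITEA_HOSTNAME", "remote_id": "SITEBHOSTNAME_EG_DYNDNS",
       "psk": "PRESHAREDKEY", "exchange_mode": "aggressive",
       "policy_local_nets": ["10.0.0.0/24"]}  # the VLAN policy is missing here

def parse_vpncfg(text):
    """Flatten nested blocks into dotted keys; every value is a list of strings."""
    text = re.sub(r'"[^"]*"|//[^\n]*', lambda m: m[0] if m[0][0] == '"' else "", text)
    out, stack = {}, []
    for m in re.finditer(r'(\w+)\s*\{|(\})|(\w+)\s*=\s*((?:"[^"]*"|[^;"])*);', text):
        block, close, key, val = m.groups()
        if block:
            stack.append(block)
        elif close:
            stack.pop()
        else:
            out[".".join(stack + [key])] = re.findall(r'"([^"]*)"', val) or [val.strip()]
    return out

def check(fritz_text, srx):
    """Return a list of mismatches; the pre-shared key itself is never printed."""
    c = {k.split("connections.")[-1]: v for k, v in parse_vpncfg(fritz_text).items()}
    pairs = [("remoteid.fqdn", "local_id"), ("localid.fqdn", "remote_id"), ("key", "psk")]
    problems = [f"{f} does not match SRX {s}" for f, s in pairs if c[f][0] != srx[s]]
    if (c["mode"][0] == "phase1_mode_aggressive") != (srx["exchange_mode"] == "aggressive"):
        problems.append("exchange mode differs")
    have = {ipaddress.ip_network(n) for n in srx["policy_local_nets"]}
    for rule in c["accesslist"]:  # each permitted Site A network needs its own SRX policy
        net, mask = rule.split()[-2:]
        want = ipaddress.ip_network(f"{net}/{mask}")
        if want not in have:
            problems.append(f"no SRX VPN policy for {want}")
    return problems
```

With the constructed values, `check(FRITZ_CFG, SRX)` reports the one gap: the second accesslist network has no VPN policy on the SRX.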
- chrbus (Aspirant)
A few adjustments were necessary, but it worked.
Your guide was very helpful. I am so happy!
I will now do a few tests and refine the configuration and post my results.
Thank you very much!!