NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
VPN use Mode Config Record fails
The FVS336G is the gateway and the LAN uses 192.168.1.x IP range. I can create the IPSEC VPN, using VPN Policy as per the instruction manual, and it works great, and so easy to configure. All my computers are Apple Mac OS X, and using IPSecuritas as the VPN client, according to Netgear KB http://kb.netgear.com/app/answers/detail/a_id/24242 However, I have obvious problem when the remote client LAN also has same local IP address range of 192.168.1.x. Its not a reasonable option for me to change my business LAN ip addresses. After studying the manuals, KB etc, I see that the way to overcome this is to assign a different subnet to the incoming VPN clients and this is simply managed by changing the IPSEC VPN to use Mode Config Record. This is pretty basic stuff, On the Netgear just create a pool 192.168.169.1 to 254, and set the security the same as before, and enable Mode Config. On the client, simply change the endpoint IP adress from 192.168.1.0/24 to 192.168.169.0/24 and go The error message in the client is: IKE [Netgear host IP] give up to get IPsec-SA due to time up to wait. Error message in Router: ERROR: Failed to get IPsec SA configuration for: 192.168.169.1/24<->192.168.43.178/32 from vpnclient.private I contacted Netgear support who then took remote control of my computes and configured IPSEC VPN straight from the manual - doiing nothing different than what I did, and get exactly the same problem. If I flip the settings back to before, on both client and host, the VPN works again. It makes no difference whether XAUTH is set to none, or user login, the problem is the same. Have tried on two different client MAC's on two different networks. Netgear also attempted to create built in OS X vpn client using Cisco IPSEC configuration and result pretty much the same. Any ideas? I thought this should be simple.