- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
VPN client to UTM 50 strange address problems
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a strange problem with the VPN client address that came up recently.
We have a UTM 50 with the newest Firmware 3.6.2.1
There is a VPN set up for our customers to connect to servers in the DMZ.
We use a Mode Config range 172.16.100.1 to 172.16.100.5
Local Subnet IP Address of the DMZ is 192.168.1.0, Mask 255.255.255.0
There is an IKE Policy refering to this Mode Config Record.
When a user connects to the VPN with the latest Netgear VPN Client (Lite or Professional makes no difference) the tunnel is established and everything seems to be fine. When the user tries to open the remote desktop of a server he cannot connect to the server.
I figured out that the problem does not occur when the VPN Client Address in the tunnel configuration is set to 172.16.100.1. If i take 172.16.100.5 for exmaple i cannot connect to the remote desktop or cannot ping the address in the DMZ (192.168.1.12 for example).
My local network ip address is a Vodafone dynamic IP and not a local subnet. Our customer uses a local subnet 192.168.3.x. There should be no problems with the address ranges.
By the way i use Windows 8.1 and our customer uses Windows 10 with the same symptoms.
With ipconfig and route i found out that my VPN-address is always set to 172.16.100.1 and the gateway to the DMZ network is set to 172.16.100.2 no matter what ip address is chosen in the VPN Client Address field of the VPN client. I think there is something going wrong with the client software.
Does anybody else have similar problems or any idea how to solve this. Maybe i have overseen something.
Thanks in advance
Michael
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved the issue.
The client has an option named "Mode Config" in the extended Phase 1 configuration.
When I set this option the client receives an IP address from the VPN address pool and the route to the DMZ network is set correctly.
The strange thing is, that it worked without this option in Windows 7 for years.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved the issue.
The client has an option named "Mode Config" in the extended Phase 1 configuration.
When I set this option the client receives an IP address from the VPN address pool and the route to the DMZ network is set correctly.
The strange thing is, that it worked without this option in Windows 7 for years.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPN client to UTM 50 strange address problems
Hi mpruss,
I am glad you have shared what you did to resolve the issue here in the community.
Let me also share this forum threads below as references:
https://community.netgear.com/t5/VPN-Firewalls/SRX5308-VPN-gt-DMZ-rules/td-p/400983
Cheers,
DaneA
NETGEAR Community Team