
Netgear DG814 SecuRemote FW1 VPN


Julian Prentis

Dec 18, 2002, 11:05:45 AM
I am using the Netgear DG814 firmware 4.4 with BT BroadBand and would like
to connect to my office VPN (Firewall 1 v4.1) using SecuRemote (this worked
using the standard Alcatel ray / frog).

I have seen a number of posts on the subject of the VPN passthrough and
whether it works or not, but I can't work out how to configure the router to
do this.

Any help would be most appreciated.

Julian


Rick Marks

Dec 18, 2002, 12:24:55 PM

Several musts:

Make sure you have the latest client, download it from the Checkpoint
website. I use v4.1 SP5 3DES.
In the config of the FW-1 client you must use IKE, not FWZ encryption
- NAT breaks FWZ apparently. Your firewall manager may also need
to select that option for you in some firewall rules.

And from a hazy memory...
Various ports need enabling specifically UDP port 2746
You also need to forward UDP port 500 to your host

Good luck....

RM

Alex Butcher

Dec 18, 2002, 1:40:27 PM

Take a look at <http://www.phoneboy.com/fom-serve/cache/13.html>,
particularly <http://www.phoneboy.com/fom-serve/cache/89.html> (NAT),
<http://www.phoneboy.com/fom-serve/cache/494.html> (protocols),
<http://www.phoneboy.com/fom-serve/cache/306.html> (how SecuRemote works
in five paragraphs).

> Julian

Best Regards,
Alex.
--
Alex Butcher Brainbench MVP for Internet Security: www.brainbench.com
Bristol, UK Need reliable and secure network systems?
PGP/GnuPG ID:0x271fd950 <http://www.assursys.com/>

Julian Prentis

Dec 18, 2002, 1:48:13 PM
Thanks for this information, and the post above, I have read all the great
stuff on phoneboy which is very useful, but I still cannot translate this to
a configuration on the Netgear router.
Just tried the Netgear 24 hour support line but they close at 6pm!

"Alex Butcher" <alex.butch...@assursys.co.uk> wrote in message
news:pan.2002.12.18....@assursys.co.uk...

Adrian

Dec 18, 2002, 4:46:10 PM
Easy option should they be willing is to ask your FW admins to allow UDP
encapsulation. Then the only thing you might need to do on the router is make
sure that your own private IP address range that you use for the router and
your computer(s) does not clash with any internal addressing system although
I'm surprised that even this matters (this is based on a brief read of the
links: could be wrong). The Cisco stuff that I'm familiar with doesn't
require this. I'm using a Netgear DG814 at the moment with no added changes
and the Cisco VPN Client using UDP encapsulation and I have never needed to
setup anything unusual on any NAT router that I've connected from.

Regarding the port 500 udp forwarding, the Netgear should take care of all
of this as long as you don't require the firewall to initiate a connection
to you which I don't think it even can to a SecuRemote client. If you use
UDP encapsulation the firewall may well deal with it without any special
port 500 handling depending on which IETF drafts it supports. (technical
terms: if it handles IKE with a UDP source port other than 500)

Good Luck.

in article atqftd$514$1...@venus.btinternet.com, Julian Prentis at
julian....@btinternet.com wrote on 18/12/02 6:48 pm:
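
The replies above separate the key exchange (IKE on UDP 500) from the data path (UDP encapsulation on UDP 2746). As an added example, not part of any poster's message, this sketch triages a capture summary from a sniffer on the private LAN to show where a session stops. The tuple format and sample captures are constructed, and `esp` stands for IP protocol 50, which the thread does not name.

```python
# Added example (not from the thread): triage a LAN-side capture summary.
# Assumed meanings: UDP 500 = IKE and UDP 2746 = UDP encapsulation (ports
# named in the thread); "esp" = IP protocol 50, the un-encapsulated IPsec
# data path, which has no port numbers for a NAT router to rewrite.
from collections import Counter

# Constructed samples: (direction, protocol, src_port, dst_port),
# direction "out" = client to firewall, "in" = firewall to client.
RAW_ESP = [("out", "udp", 500, 500), ("in", "udp", 500, 500),
           ("out", "esp", None, None), ("out", "esp", None, None)]
UDP_ENCAP = [("out", "udp", 500, 500), ("in", "udp", 500, 500),
             ("out", "udp", 2746, 2746), ("in", "udp", 2746, 2746)]
NO_REPLY = [("out", "udp", 500, 500), ("out", "udp", 500, 500)]


def classify(pkt):
    """Map one packet summary to the role it plays in the VPN session."""
    _, proto, sport, dport = pkt
    # Matching either port still recognises IKE after NAT rewrites the source.
    if proto == "udp" and 500 in (sport, dport):
        return "ike"
    if proto == "udp" and 2746 in (sport, dport):
        return "udp_encap"
    if proto == "esp":
        return "esp"
    return "other"


def triage(packets):
    """Return a short verdict on where the session stops."""
    seen = Counter((classify(p), p[0]) for p in packets)
    if not seen["ike", "out"]:
        return "no-ike: client sent no IKE; check it is set to IKE, not FWZ"
    if not seen["ike", "in"]:
        return "ike-unanswered: UDP 500 replies are not reaching the client"
    for path in ("udp_encap", "esp"):
        if seen[path, "out"] and seen[path, "in"]:
            return f"{path}-ok: tunnel data flows in both directions"
        if seen[path, "out"]:
            return f"{path}-one-way: data leaves but nothing comes back"
    return "ike-only: key exchange answered, no tunnel data seen"


if __name__ == "__main__":
    for name, capture in (("raw ESP", RAW_ESP), ("UDP encap", UDP_ENCAP),
                          ("no reply", NO_REPLY)):
        print(f"{name}: {triage(capture)}")
```
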

Chris Davies

Dec 27, 2002, 6:09:55 AM
Did you get anywhere with this? I am having exactly the same problem
(dg814 and secure remote). I too have read the posts and can make no
progress. Any help would be much appreciated!
Thanks All
Chris

Frank Jukes

Dec 27, 2002, 6:43:58 AM
cj...@btclick.com (Chris Davies) wrote in
news:9484bfe4.02122...@posting.google.com:

> Did you get anywhere with this? I am having exactly the same problem
> (dg814 and secure remote). I too have read the posts and can make no
> progress.

I know very little (nothing!) about VPN but I am using a DG814 to connect
to one.

When I upgraded to firmware v44_1105 (7 November 2002) my outbound ipsec
VPN connection stopped working.

I've gone back to v44rc5 (14 October 2002) and that, along with previous
versions, works.

If you're using v44_1105 it might be worth downgrading?

--
Frank

Beware spamtrap - remove the negative

Julian Prentis

Dec 31, 2002, 4:47:18 AM
No I still haven't got any further with it (gave up for Christmas).
I have allowed a number of different ports but this hasn't made any
difference.
I get authenticated and can ping by name and number but cannot connect to
any servers.
I'll have a look at the firmware version and see if using an earlier one
works.
Thanks for the suggestion.

Julian

"Frank Jukes" <fr...@spinningweb.notnet> wrote in message
news:Xns92F1770...@127.0.0.1...

Chris Davies

Jan 8, 2003, 7:23:04 AM
Julian

That is interesting. I don't even get an authentication dialogue box
with my dg814 set up - so you are further along than me. Can you let
me know how you have your dg814 and client machine install of secure
remote set up (so I can make some progress)?

Many thanks

Chris

Julian Prentis

Jan 9, 2003, 5:29:48 AM
I've now tried the earlier firmware version - 4.3 but I'm still having the
same problems.

Julian

"Rick Marks" <di...@yahoo.com> wrote in message
news:v18o1v08ofs4f7h7o...@4ax.com...

> A packet sniffer installed on a machine on the private LAN can help to
> debug what is going on.
>


Beech Court

Jan 10, 2003, 6:21:10 AM
The ports that I have set up to forward are: 47, 135, 137-139, 259, 264,
500, 1723, 2746, 3389, and 18207.

"Julian Prentis" <jul...@premierfunds.co.uk> wrote in message
news:3e1d4f04$0$889$afc3...@news.easynet.co.uk...
