I use the ipsec tunnels exactly how you're wanting to connect external devices. The solution for that was to get a block of static IPs from AT&T that even though they had to be programmed into the same router that was blocking phase 2 in the dmz, worked with the static IPs. With AT&T, that didn't work as phase 2 of the ipsec connection was somehow being blocked. With Verizon it was pretty simple as I was able to just put it in the dmz of the Verizon router. But in 2 different cases, I've had to put them behind other routers, once with Verizon and once with AT&T. Now, I usually use these as the main router as they are stable and fast enough to handle what I need them to (even though the specs say it can only do 250Mbps wan to lan, I have found that they can do much more than that and even spike up to 800Mbps+). No worries about holes in your firewall or whatever. And the beauty is that all of this traffic is encapsulated so it's secure at the packet level. It's great for devices that were never intended to work this way too since they don't even know they are connected to or accessed by someone or something else many miles away. I have several of these deployed across the US connecting various sites together so they look like they are on one single lan. Thu Nov 03 10:50:22 2016 (GMT +0000): INFO: Configuration found for 85. actually have the FVS318N, and it is terrific for what you are needing to do, making robust, industry standard IPsec tunnels to any other device that supports IPsec tunnels. Thu Nov 03 10:50:22 2016 (GMT +0000): INFO: Received request for new phase 1 negotiation: 85. Thu Nov 03 10:50:22 2016 (GMT +0000): INFO: Beginning Identity Protection mode. Thu Nov 03 10:50:22 2016 (GMT +0000): WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server". Thu Nov 03 10:50:23 2016 (GMT +0000): WARNING: Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC". Thu Nov 03 10:50:23 2016 (GMT +0000): WARNING: Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server". Thu Nov 03 10:50:23 2016 (GMT +0000): WARNING: Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA". Thu Nov 03 10:50:23 2016 (GMT +0000): ERROR: Failed to get matching proposal for 85. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. I’m sorry but this is new ground for me and would appreciate your help on this. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC.
0 Comments
Leave a Reply. |