Help with getting VPN connection for Windows File Sharing between two DG834G routers - Firewalls


  1. Help with getting VPN connection for Windows File Sharing between two DG834G routers

    I am having a lot of difficulty in getting the vpn functionality
    available on the Netgear DG834G to work as gateway-to-gateway.

    I have two identical routers each with similar vpn and firewall rules
    setup and the best I managed to achieve was for the vpn connection to
    allow access to the other router from either location but never
    managed to get file sharing to be accessible by use of "net use \\ip
    address\sharename" from either end.

    Even what I got to work is very intermittent and sometimes it does not
    get established ok. I want to start from scratch again and seek help
    from anyone who has experience of getting this to work. Previously I
    was making use of dynamic dns - now I decided to concentrate on using
    fixed WAN ip.

    Netgear support were not prepared to help for file sharing and said it
    was outside their scope of support.

    The setup is as follows

    Location A subnet 192.168.0.0 has 1st DG834G and using a fixed WAN IP
    address

    Location B subnet 192.168.1.0 has 2nd DG834G and using a fixed WAN IP
    address

    Both routers are on latest UK firmware available which is V3.01.31.

    The VPN is setup using Auto Policy.

    Options:

    Remote VPN Endpoint: Fixed IP address

    Address Data xx.xx.xx.xx being the WAN IP address from the remote
    location ISP

    IKE Keep Alive Ping 192.168.1.1

    Local Lan

    Range IP Address 192.168.0.0 to 192.168.0.127

    Remote Lan

    Range IP Address 192.168.1.0 to 192.168.1.127

    IKE

    Direction: Initiator and Responder

    Exchange Mode: Main Mode

    Diffie-Hellman (DH) Group: Group 2 (1024 Bit)

    Local Identity: WAN IP Address

    Remote Identity Type: IP Address

    Parameters

    Encryption Algorithm: 3DES

    Authentication Algorithm: SHA-1

    Pre-Shared Key: xxxxxxxxxxxxxxxxxxx

    SA LifeTime: 3600 seconds

    Perfect Forward Security (PFS) : Enabled

    The setup on the 2nd DG834G is identical - with subnets being the
    other way round and appropriate Remote VPN Endpoint Fixed IP address

    For firewall Rules I was trying with UDP and TCP ports 50, 51 and 500,
    501 and 1723, 1724. Allowing all outbound and for inbound giving the
    local network IP Address of a NAS server at each location

    The problem is probably in the firewall rules. I also tried the
    Netgear built-in rules VPN-PPTP and VPN-L2TP and VPN-IPSEC but no
    joy.

    I also tried creating a manual vpn policy and that did not work
    either.

    Any help would be much appreciated

    Simon
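
The gateway-to-gateway settings listed in the post above can be checked for consistency offline. This is an added example, not part of the original thread: it verifies that the two policies mirror each other and shows which host addresses the configured LAN ranges actually cover. The second site's keep-alive target and all host addresses are constructed assumptions.

```python
import ipaddress

# Constructed from the settings quoted in the post. SITE_B is the "other way
# round" mirror the poster describes; its keep-alive target is an assumption.
IKE = {"mode": "main", "dh_group": 2, "enc": "3des", "auth": "sha1",
       "pfs": True, "lifetime_s": 3600}
SITE_A = {"local": ("192.168.0.0", "192.168.0.127"),
          "remote": ("192.168.1.0", "192.168.1.127"),
          "keepalive": "192.168.1.1", "ike": dict(IKE)}
SITE_B = {"local": ("192.168.1.0", "192.168.1.127"),
          "remote": ("192.168.0.0", "192.168.0.127"),
          "keepalive": "192.168.0.1", "ike": dict(IKE)}


def selector(rng):
    """Return the CIDR blocks covered by a (first, last) address range."""
    first, last = (ipaddress.ip_address(a) for a in rng)
    return list(ipaddress.summarize_address_range(first, last))


def covers(rng, host):
    """True if host falls inside the address range."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in selector(rng))


def check_pair(a, b):
    """List the ways two gateway policies fail to mirror each other."""
    problems = []
    if selector(a["local"]) != selector(b["remote"]):
        problems.append("A local range differs from B remote range")
    if selector(a["remote"]) != selector(b["local"]):
        problems.append("A remote range differs from B local range")
    diff = sorted(k for k in a["ike"] if a["ike"][k] != b["ike"].get(k))
    if diff:
        problems.append("parameter mismatch: " + ", ".join(diff))
    for name, site in (("A", a), ("B", b)):
        if not covers(site["remote"], site["keepalive"]):
            problems.append(name + ": keep-alive target outside remote range")
    return problems


def tunnel_carries(site, src, dst):
    """True if a packet src -> dst matches the site's local/remote ranges."""
    return covers(site["local"], src) and covers(site["remote"], dst)


if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "policies mirror each other")
    # Constructed host addresses: .20 is inside the range, .200 is not.
    for nas in ("192.168.1.20", "192.168.1.200"):
        print(nas, tunnel_carries(SITE_A, "192.168.0.10", nas))
```

The ranges in the post end at .127, so each one covers only the lower half of its subnet; a host with a higher address is not matched by the policy.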


  2. Re: Help with getting VPN connection for Windows File Sharing between two DG834G routers

    xxsajina@ajina.dircon.co.uk wrote:
    > I am having a lot of difficulty in getting the vpn functionality
    > available on the Netgear DG834G to work as gateway-to-gateway.
    >
    > I have two identical routers each with similar vpn and firewall rules
    > setup and the best I managed to achieve was for the vpn connection to
    > allow access to the other router from either location but never
    > managed to get file sharing to be accessible by use of "net use \\ip
    > address\sharename" from either end.
    >
    > Even what I got to work is very intermittent and sometimes it does not
    > get established ok. I want to start from scratch again and seek help
    > from anyone who has experience of getting this to work. Previously I
    > was making use of dynamic dns - now I decided to concentrate on using
    > fixed WAN ip.
    >
    > Netgear support were not prepared to help for file sharing and said it
    > was outside their scope of support.
    >
    > The setup is as follows
    >
    > Location A subnet 192.168.0.0 has 1st DG834G and using a fixed WAN IP
    > address
    >
    > Location B subnet 192.168.1.0 has 2nd DG834G and using a fixed WAN IP
    > address
    >
    > Both routers are on latest UK firmware available which is V3.01.31.
    >
    > The VPN is setup using Auto Policy.
    >
    > Options:
    >
    > Remote VPN Endpoint: Fixed IP address
    >
    > Address Data xx.xx.xx.xx being the WAN IP address from the remote
    > location ISP
    >
    > IKE Keep Alive Ping 192.168.1.1
    >
    > Local Lan
    >
    > Range IP Address 192.168.0.0 to 192.168.0.127
    >
    > Remote Lan
    >
    > Range IP Address 192.168.1.0 to 192.168.1.127
    >
    > IKE
    >
    > Direction: Initiator and Responder
    >
    > Exchange Mode: Main Mode
    >
    > Diffie-Hellman (DH) Group: Group 2 (1024 Bit)
    >
    > Local Identity: WAN IP Address
    >
    > Remote Identity Type: IP Address
    >
    > Parameters
    >
    > Encryption Algorithm: 3DES
    >
    > Authentication Algorithm: SHA-1
    >
    > Pre-Shared Key: xxxxxxxxxxxxxxxxxxx
    >
    > SA LifeTime: 3600 seconds
    >
    > Perfect Forward Security (PFS) : Enabled
    >
    > The setup on the 2nd DG834G is identical - with subnets being the
    > other way round and appropriate Remote VPN Endpoint Fixed IP address
    >
    > For firewall Rules I was trying with UDP and TCP ports 50, 51 and 500,
    > 501 and 1723, 1724. Allowing all outbound and for inbound giving the
    > local network IP Address of a NAS server at each location
    >
    > The problem is probably in the firewall rules. I also tried the
    > Netgear built-in rules VPN-PPTP and VPN-L2TP and VPN-IPSEC but no
    > joy.
    >
    > I also tried creating a manual vpn policy and that did not work
    > either.
    >
    > Any help would be much appreciated
    >
    > Simon
    >


    If you are trying to use "simple file sharing" (?) then you should not
    be in a "domain". I just went through similar issues with a VPN.

  3. Re: Help with getting VPN connection for Windows File Sharing between two DG834G routers

    Rick

    The userid's I would use for the net use command would be local to the
    NAS and would either be a local PC userid or a domain ID - depending
    on which PC I connect to the NAS from - either way the NAS would have
    an identical userid so I should not need to worry about domain name.

    I need to know what UDP and what TCP ports need to be open outwards
    and inwards

    regards

    simon


    On Apr 5, 3:38 pm, Rick Merrill wrote:
    > > Simon
    >
    > If you are trying to use "simple file sharing" (?) then you should not
    > be in a "domain". I just went through similar issues with a VPN.




  4. Re: Help with getting VPN connection for Windows File Sharing between two DG834G routers

    xxsajina@ajina.dircon.co.uk wrote:
    > Rick
    >
    > The userid's I would use for the net use command would be local to the
    > NAS and would either be a local PC userid or a domain ID - depending
    > on which PC I connect to the NAS from - either way the NAS would have
    > an identical userid so I should not need to worry about domain name.
    >
    > I need to know what UDP and what TCP ports need to be open outwards
    > and inwards
    >
    > regards
    >
    > simon
    >
    >
    > On Apr 5, 3:38 pm, Rick Merrill wrote:
    >>> Simon
    >>
    >> If you are trying to use "simple file sharing" (?) then you should not
    >> be in a "domain". I just went through similar issues with a VPN.
    >


    AFAIK you do not need to open any additional ports at the client end
    (your end). We use SonicWall 170 and the SW client and it required
    no changes in ports at my end (using a linksys router with NAT and all
    regular ports closed).
