VPN Help

[jscarrozzo]

I am currently trying th setup a VPN for our business. We are using the FVS318 netgear router with their new client software(Security Policy editor). I am having trouble making a connection. I have some questions:
1. Is there are way to connect when the remote pc has a dynamic IP address?
2. My home pc(that i wish to connect to the office server) is on a cable internet connection, where it automatically gives it a new IP address. is there a way to give it a static address?
3. I am a beginner at this VPN thing, and need some basic knowledge..I have read many things about VPN's, but I must be missing a few things. Any other help is appreciated.

Thanks in advance

 

[Boscoh]

I'm not familiar with Netgear's implementation. I can tell you, generally speaking, what is possible and hopefully it will point you in the right direction in terms of searching your documentation about setting up that router.

1) Yes, the remote PC should be able to connect to the Netgear VPN router with no problem as long as the Netgear VPN router at your company has a static IP. If it does not, you can try a Dynamic DNS service like DynDNS and point the VPN client on the remote PC to the domain name. It will not be possible, or will be very hard unless the Netgear router accepts domain names, to initiate a connection to the remote PC from the Netgear router. Typically, VPN tunnels that involve dynamic IP's can only be initiated one-way, that is, from Dynamic IP --> Static IP. Dynamic DNS services make two-way dynamic-to-dynamic IP VPN tunnels possible - assuming the client and the server support the use of Dynamic DNS.

2) There is most likely no way to give yourself a static IP unless you leave your PC on 24/7/365 as well as your cable modem. However, if the power goes off, or your ISP resets their equipment you'll likely get a new IP address. Typically static IP's come with Business-class accounts. What do you want a static IP for? Security, or so you can initiate a VPN connection to your home PC from work?

3) Try doing a google search for "How VPN works", there are a lot of good books out there as well, try searching Amazon.com for VPN and check out some of their offerings. The customers at Amazon usually do a good job of reviewing the books. VPN is a very, very broad topic. If you have specific questions, start up a new thread and we'll help you.

Hope this helps.

 

[jscarrozzo]

Thanks for the help, I really appreciate it. I have setup a new connection that will hopefully work. Netgear gives the option of the connection being secure or non-secure. Whenever I make the connection secure, I lose my connection to everything else like the internet, and the other computers in the local network. I switched it to non-secure and everything is ok. There has to be some sort of security issue that altering the connection.
basically all I have to do to make a connection is to load this software, make a new connection...then go to my remote pc, and create a new connection with the WAN address of the network, correct??
I am having trouble comprehending what exactly is going on to create this connection....
The server(where the client software is loaded) does not need to know where the connection is coming from, correct??

Thanks again for the help. Hopefully I can get this resolved.

 

[Boscoh]

Concerning the secure/non-secure issue: That's probably split-tunneling. Split-tunneling lets you be connected to the VPN tunnel and use your own internet connection to surf the web. This creates security issues so it's usually a good idea to disable split-tunneling. When you use the non-secure option, you still have VPN access but can access the Internet as well?

As far as what's going on to create the connection: It's authentication and encryption. You setup the connection with certain credentials, like a username and password, point it at the WAN address of the VPN server and you're in. All your data going to the other network is encrypted. That's the basics of it.

If your IP address is dynamic, it's a one-way connection usually which means you have to initiate the connection on your end. If the VPN server (the router in this case - based off what you've told me) is configured to accept dynamic connections then your IP address doesn't matter. If you had a static IP address, you'd want to lock down the VPN server to accept only your static IP address.

 

[jscarrozzo]

When I use the non-secure option..I can use the internet.
I still cannot get my computer at home to connect. The user name and password I use isn't anything special to the server or router, correct?
An overview of my workplace: Server that is connected to the network is currently running the program in which I am using. The netgear router can be reached by the LAN address it assigned..192.168.0.1 I think it is.
The server is the controller of the domain. there are about 10 computers currently on the domain.

I am pritty sure my problem isnt username/password related, because I would guess it would authenticate me after it makes a connection..which it isnt doing.
What seemed like an easy project turned into something difficult.

Thanks Again

 

[Boscoh]

If your netgear router uses usernames/passwords as the authentication for a VPN tunnel then your username and password are going to have to be known by the router. Meaning it's going to have to be configured on the router.

Here's a link to the online manual for that router. Look at the VPN section, it will tell you what you need to know about setting up a VPN. I'm assuming you're using a client that support IPSec/ISAKMP as it looks as if that's all this router supports.
http://www.netgear.com/docs/fvs318/wwhelp/wwhimpl/java/html/wwhelp.htm