<font color='black' size='2' face='arial'><FONT face="Arial, Helvetica, sans-serif"></FONT>
<div><br>
Richard,</div>
<div>The VPN clients connecting should get a different subnet address than that of the secured LAN (behind the VPN firewall). In other words, if the wired clients behind the firewall are getting a 10.10.1.x IP address, then your VPN clients connecting via shrew should get a different Subnet. (10.10.2.x). So change the mode-config in the VPN to give a different IP subnet and I'm pretty sure that will solve part if not all of your communication issues.</div>
<div> </div>
<div>Next, make sure all of your clients on the secure LAN don't have firewall/antivirus settings that disallow ping/remote desktop controls. Just because you can ping from secure LAN node to secure LAN node, does not mean that incoming connections from the outside world via VPN are going to be seen as friendly. You may have to configure the windows systems to allow 10.10.2.x subnets as "home" addresses. Especially if you're using Windows 7 flavors. I am still having these sorts of issues on my network with Windows 7 PCs. I iron them out one at a time. Still, there's one machine that's not pingable or remote controllable from shrew'd nodes. So please take what I say with a grain of salt.</div>
<div>Just trying to get you going in the right direction.</div>
<div> </div>
<div>Mike<br>
</div>
<div style="CLEAR: both"></div>
<br>
<br>
<div style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: arial,helvetica">-----Original Message-----<br>
From: Richard Sargent <rsargent@invisibleborders.com><br>
To: vpn-help@lists.shrew.net<br>
Sent: Mon, Jul 5, 2010 1:37 pm<br>
Subject: [vpn-help] Netgear FVS336G connects, but fails to see behind vpn<br>
<br>
<div id=AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547>
<STYLE>#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 td{color: black;} @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} #AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 p.MsoNormal,#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 li.MsoNormal,#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";}#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 a:link,#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;}#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 a:visited,#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;}#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;}#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 .MsoChpDefault {mso-style-type:export-only;}@page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;}#AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 div.WordSection1 {page:WordSection1;}</STYLE>
<div class=WordSection1>
<div class=MsoNormal>I have setup the DHCP on my Netgear FVS336G to use a 10.10.1.0 subnet. I can connect to the VPN, but when I try to ping or use remote desktop to a computer (10.10.1.2) behind the VPN it fails. I can ping the Netgear router itself (10.10.1.1).</div>
<div class=MsoNormal> </div>
<div class=MsoNormal>Any suggestions?</div>
<div class=MsoNormal> </div>
<div class=MsoNormal>I have setup the Netgear FVS336G using the standard settings from the VPN Wizard:</div>
<div class=MsoNormal> </div>
<div class=MsoNormal>I am using the following Shrew Soft configuration:</div>
<div class=MsoNormal> </div>
<div class=MsoNormal>n:version:2</div>
<div class=MsoNormal>n:network-ike-port:500</div>
<div class=MsoNormal>n:network-mtu-size:1380</div>
<div class=MsoNormal>n:network-natt-port:4500</div>
<div class=MsoNormal>n:network-natt-rate:30</div>
<div class=MsoNormal>n:network-frag-size:540</div>
<div class=MsoNormal>n:network-dpd-enable:1</div>
<div class=MsoNormal>n:client-banner-enable:0</div>
<div class=MsoNormal>n:network-notify-enable:1</div>
<div class=MsoNormal>n:client-wins-used:0</div>
<div class=MsoNormal>n:client-wins-auto:0</div>
<div class=MsoNormal>n:client-dns-used:0</div>
<div class=MsoNormal>n:client-dns-auto:0</div>
<div class=MsoNormal>n:client-splitdns-used:0</div>
<div class=MsoNormal>n:client-splitdns-auto:0</div>
<div class=MsoNormal>n:phase1-dhgroup:2</div>
<div class=MsoNormal>n:phase1-life-secs:3600</div>
<div class=MsoNormal>n:phase1-life-kbytes:0</div>
<div class=MsoNormal>n:vendor-chkpt-enable:0</div>
<div class=MsoNormal>n:phase2-life-secs:3600</div>
<div class=MsoNormal>n:phase2-life-kbytes:0</div>
<div class=MsoNormal>n:policy-nailed:0</div>
<div class=MsoNormal>n:policy-list-auto:0</div>
<div class=MsoNormal>n:client-addr-auto:1</div>
<div class=MsoNormal>s:network-host:192.168.1.42</div>
<div class=MsoNormal>s:client-auto-mode:disabled</div>
<div class=MsoNormal>s:client-iface:direct</div>
<div class=MsoNormal>s:network-natt-mode:enable</div>
<div class=MsoNormal>s:network-frag-mode:enable</div>
<div class=MsoNormal>s:auth-method:mutual-psk-xauth</div>
<div class=MsoNormal>s:ident-client-type:fqdn</div>
<div class=MsoNormal>s:ident-server-type:fqdn</div>
<div class=MsoNormal>s:ident-client-data:fvs_remote.com</div>
<div class=MsoNormal>s:ident-server-data:fvs_local.com</div>
<div class=MsoNormal>b:auth-mutual-psk:cGFzc3dvcmQ=</div>
<div class=MsoNormal>s:phase1-exchange:aggressive</div>
<div class=MsoNormal>s:phase1-cipher:3des</div>
<div class=MsoNormal>s:phase1-hash:sha1</div>
<div class=MsoNormal>s:phase2-transform:esp-3des</div>
<div class=MsoNormal>s:phase2-hmac:sha1</div>
<div class=MsoNormal>s:ipcomp-transform:disabled</div>
<div class=MsoNormal>n:phase2-pfsgroup:0</div>
<div class=MsoNormal>s:policy-list-include:10.10.1.0 / 255.255.255.0</div>
<div class=MsoNormal> </div>
<div class=MsoNormal> </div>
<div class=MsoNormal>Richard Sargent</div>
<div class=MsoNormal>WorldPak, Inc.</div>
<div class=MsoNormal><A __removedLink__511286611__href="mailto:rsargent@invisibleborders.com">rsargent@invisibleborders.com</A></div>
<div class=MsoNormal>(703) 893-6202 x7103</div>
<div class=MsoNormal> </div>
</div>
</div>
<!-- end of AOLMsgPart_3_6aef0ac5-a021-49fe-9410-9be0a7ac4547 -->
<div id=AOLMsgPart_4_6aef0ac5-a021-49fe-9410-9be0a7ac4547 style="FONT-SIZE: 12px; MARGIN: 0px; COLOR: #000; FONT-FAMILY: Tahoma, Verdana, Arial, Sans-Serif; BACKGROUND-COLOR: #fff"><PRE style="FONT-SIZE: 9pt"><TT>_______________________________________________
vpn-help mailing list
<A __removedLink__511286611__href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</A>
<A target=_blank __removedLink__511286611__href="http://lists.shrew.net/mailman/listinfo/vpn-help">http://lists.shrew.net/mailman/listinfo/vpn-help</A>
</TT></PRE></div>
<!-- end of AOLMsgPart_4_6aef0ac5-a021-49fe-9410-9be0a7ac4547 --></div>
</font>