Open as PDF
Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
Troubleshooting the VPN Connection
Common problems with VPN configurations include:
• Same LAN address range on both sides.
Check that the LAN IP address range at each side is different. For example, if both ends are
using 192.168.0.x addresses, the firewall or VPN client will not attempt to connect. This is
indicated by a lack of log entries.
• Incorrect Subnet Mask when connecting to a single PC.
When configuring a Security Association for a connection to a single PC, set the Subnet Mask
to 255.255.255.255 in the FVS318 VPN Settings menu.
• Mismatch of encryption setting.
Check that both ends are configured to use the same method: DES, 3DES, or none.
• Mismatch of PreShared Key.
on both ends.
• Interference between personal firewall software and VPN client software.
Try disabling personal firewall software on client PC. If this works, determine how to
configure personal firewall software to allow VPN traffic.
• Dynamic IP address on WAN.
Only one end of the tunnel may have a dynamically assigned IP address, and that side must
always be the tunnel initiator. Also, the dynamically assigned IP address must not be a private
address from one of the following ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Note: The FVS318 VPN Firewall uses industry standard VPN protocols. However, due
to variations in how manufacturers interpret these standards, many VPN products are
not interoperable. NETGEAR provides support for connections between two FVS318
VPN Firewalls, and between an FVS318 VPN Firewall and the SafeNet Secure VPN
Client for Windows. Although the FVS318 can interoperate with many other VPN
products, it is not possible for NETGEAR to provide specific technical support for every