New Member

Site to site VPN setup on comcast netgear CG3000DCR

I am trying to set up a VPN between two locations which both have a Comcast Netgear box. I have tried to set both boxes to 'bridge' mode but I have had issues with two different sets of VPN routers (one pair of Netgears and a pair of Cisco rv082) so now I am trying to configure it on the Comcast Netgear box directly.

 

I entered in the information in the IPSec Configuration tab and get the following error:

 

Status: Duplicate IP Subnet. Please check values. 

 

I am not sure where the bad value is as it does not highlight the field (on a side note it also removes all the entered values, shouldn't it keep all the values even with an error?)

 

Here are the values I am entering (some info omitted for security):

 

vpn1.PNG

vpn2.PNG

vpn3.PNG

vpn4.PNG

 

Can someone point me in the right direction? 

 

 

 

0 Kudos
Trusted Forum Contributor

Re: Site to site VPN setup on comcast netgear CG3000DCR

Hello scott_jc and welcome,

 

The NetGear 3000 (NG3K) does not support configuration within the IPSec configuration. The only thing you need to ensure is that the standard NG3K device IP address ports are open per your Cisco rv082 device(s) mode of operation as follows:

    • For PPTP:
      • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
      • IP Protocol=GRE (value 47)   <- Used by PPTP data path
    • For L2TP:
      • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
      • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
      • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
    • For SSTP:
      • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
    • For IKEv2:
      • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
      • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
      • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path

 Please share a little more networking interconnect information brevity so we can get more specific on your DHCP or StaticIP configuration input for you.

 

Hope this helps out and look forward to hearing from you.

0 Kudos
New Member

Re: Site to site VPN setup on comcast netgear CG3000DCR

Hi VBSSP-RICH, 

 

Sorry if I wasn't clear, the Cisco rv082 is currently not on the network. I just have the Netgear Comcast box on the network and am trying to create a VPN tunnel between two of the same router.

 

I would really like to use the rv082 but with both the Comcast boxes in bridge mode we were having issues.

0 Kudos
Trusted Forum Contributor

Re: Site to site VPN setup on comcast netgear CG3000DCR

scott_jc,

 

If you are trying to set up a VPN tunnel, then my previous ports info should be opened on the computer device that should be directly connected to any free NG3K LanPorts 1-4 (LP1-4). When you use the NG3K internal DHCP server, its default address is 10.1.10.1, subnet 255.255.255.0. The default DHCP server will provide dynamic addresses between 10.1.10.10 through 10.1.10.199. So, if you were to force feed your computer device connected to any LP1-4, let's assume you use 10.1.10.150, for instance, then you can follow this procedure to ensure the required VPN ports are open:

1. with the DHCP server enabled, by pressing the little black reset button on the rear for 15 seconds

2. log in to NG3K with any computer connected to LP1-4, bring up browser, then use 10.1.10.1 in address field, enter

3. log in window appears and use username=cusadmin, password=highspeed

4. next click on firewall, then click on Port Configuration Tab

5. now you should be able to open a device port  on 10.1.10.150 as follows:

 

click on add, then enter -


AppName-------------public-----------private---------protocol--------ip address
VPN1----------------1723-------------1723------------BOTH------------10.1.10.150
VPN?----------------XXXX-------------XXXX------------BOTH------------10.1.10.150

 

As long as you force feed the device IP address this will prevent any dynamic IP address jumperitus, if you will. Also, it is vital for you to make sure that ALL your VPN App or system (see my previous post regarding this) being used ports are open to consistently be able to function bidirectionally interactive.

 

Let us know if this helps you out.

 

 

 

 

 

 

0 Kudos
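
Added example, not part of any post in this thread: a pre-check that flags overlapping LAN ranges in a site-to-site plan before the values are typed into a gateway. It assumes the "Duplicate IP Subnet" status can be triggered by both sides sharing one range, as happens when two gateways keep the 10.1.10.1 / 255.255.255.0 default quoted above; the site names, the 10.1.20.x range, the 10.1.0.0/16 pool and the function names are hypothetical.

```python
import ipaddress


def find_subnet_conflicts(sites):
    """Return (site, site, net, net) tuples for every pair of overlapping LANs.

    sites maps a site name to its LAN written as address/netmask or CIDR.
    """
    # strict=False lets a host address such as 10.1.10.1 stand for its network.
    nets = {name: ipaddress.ip_network(lan, strict=False)
            for name, lan in sites.items()}
    names = sorted(nets)
    conflicts = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # overlaps() also catches a small range nested in a larger one.
            if nets[a].overlaps(nets[b]):
                conflicts.append((a, b, str(nets[a]), str(nets[b])))
    return conflicts


def suggest_free_subnet(used, pool="10.1.0.0/16", prefix=24):
    """Return the first /prefix block in pool that overlaps no used range."""
    used_nets = [ipaddress.ip_network(u, strict=False) for u in used]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used_nets):
            return str(candidate)
    return None


# Constructed sample: both gateways left on the default LAN from the thread.
DEFAULT_PLAN = {"site_a": "10.1.10.1/255.255.255.0",
                "site_b": "10.1.10.1/255.255.255.0"}
# Constructed sample: site_b renumbered to a hypothetical range.
FIXED_PLAN = {"site_a": "10.1.10.1/255.255.255.0",
              "site_b": "10.1.20.1/255.255.255.0"}

if __name__ == "__main__":
    for label, plan in (("default", DEFAULT_PLAN), ("renumbered", FIXED_PLAN)):
        print(label, find_subnet_conflicts(plan) or "no overlap")
    print("free block:", suggest_free_subnet(DEFAULT_PLAN.values()))
```
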