[VPN] Netgear - force all remote traffic through VPN

William E. Ott weo at cpcstech.com
Tue Sep 21 13:59:14 EDT 2004


Hello, I have several Netgear FVM318 and FVS318 model Prosafe Firewall/VPN
appliances. I have no trouble with site-to-site VPNs with a Netgear at each
end.  I have several mobile users that connect via SafeNet's SoftRemoteLT
version 10 software VPN client from hotels, homes, client offices, etc.
without issue.

My problem is I would like to be able to force the mobile users with the
SoftRemoteLT software to send all of their traffic through the VPN at the
central site.  My concern is them sending and receiving e-mail and such over
closed, uncontrolled networks like hotel or convention center wired
broadband, and I get a real fright thinking of them accessing POP3 e-mail over
a convention center wireless setup. Anyone sniffing the wired or wireless
broadband at these locations could obviously intercept POP3 usernames and
passwords and perhaps intercept attached documents.

I've experimented with no success so far in being able to have Internet
traffic do a U-turn, so to speak, at the Netgear VPN end. With SoftRemoteLT it
is easy to force all traffic through the VPN, but when doing this the POP3
requests and any web requests error out.

I've got several static public IP addresses that are available if needed.
Primary network is all behind a Fortigate Firewall/Antivirus device in
transparent mode that sits in front of a Netgear FVM318.  I can add another
Netgear to the network and give it a static IP if that could somehow work.
I'm open to anything at this point.  Currently we are paying $75/month for
mobile users to have Sprint/Verizon/Nextel wireless cards so they can avoid
the hotel and convention center broadband but only a small number really
need those cards, the rest would be fine with the VPN solution if I could
funnel all traffic through it successfully.

Does anyone have any advice or experience in making this happen with Netgear
equipment?  I have extra Netgear hardware that I can add to the central site
setup if required.  I was thinking maybe static routes or something to a
second router?

Any ideas are greatly appreciated.

Thank you,
Bill



*************************************************************************
William E. Ott
CEO and Chief Consultant
CPCS Technologies
http://www.cpcstech.com

weo .AT. cpcstech.com                [ primary e-mail ]
weo .AT. skytel.com                  [ short, urgent messages only ]
william.ott .AT. skytel.com          [ two-way e-mail pager ]
9192918674 .AT. messaging.nextel.com [ short messages to Nextel phone ]

[[ replace .AT. with @ and remove spaces to use e-mail addresses above ]]

919-363-3132       direct voice [ office/Nextel/v-mail ]
919-386-8033       office voice
800-391-7574       fax
800-204-7075       pager
919-291-8674       NexTel    [ primary wireless phone ]
150*26*32385       NexTel Direct Connect
919-924-2282       SprintPCS [ secondary wireless phone ]

**************************************************************************

Confidentiality Notice: This e-mail communication and any attachments may
contain confidential and privileged information for the use of the intended
recipients. If you are not the intended recipient, you are hereby notified
that you have received this communication in error and that any review,
disclosure, dissemination, distribution or copying of it or its contents and
attachments is prohibited and may be a violation of federal and state laws.
If you have received this communication in error, please notify the office
of William E. Ott immediately by replying to this message and deleting it
from your computer, or you may contact the office of William E. Ott in the
eastern time zone (UTC -5) of the United States of America via telephone at
919-386-8033. You will be reimbursed for any reasonable costs associated in
making notification.
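The sniffing risk the poster describes (plaintext POP3 on a hotel or convention center network) is easy to demonstrate. The following is an added example, not code from the original message nor anything shipped by Netgear or SafeNet: a small Python parser that is run over a constructed client-to-server POP3 byte stream, of the kind any on-path sniffer would collect from an untunnelled connection, and pulls out the credentials. All streams, user names and passwords below are made up; the parser handles the two plaintext login forms (USER/PASS and SASL AUTH PLAIN) and stops at STLS, after which the bytes are TLS ciphertext and nothing is recoverable. This is the exposure that a full-tunnel VPN back to the central site removes.

```python
"""Why plaintext POP3 on an untrusted network matters: the login is readable
on the wire.  Added example; the streams below are constructed, not captures.
"""

import base64
import re

# Constructed client->server side of a classic POP3 session (RFC 1939).
# Server replies are omitted: only the client side carries the secret.
CONSTRUCTED_POP3_CLIENT_STREAM = (
    b"USER jdoe@example.com\r\n"
    b"PASS hunter2\r\n"
    b"STAT\r\n"
    b"LIST\r\n"
    b"RETR 1\r\n"
    b"QUIT\r\n"
)

# Constructed session using SASL PLAIN with an initial response (RFC 4616).
# base64 is an encoding, not encryption; the password is still in the clear.
CONSTRUCTED_AUTH_PLAIN_STREAM = (
    b"CAPA\r\n"
    b"AUTH PLAIN " + base64.b64encode(b"\x00jdoe\x00hunter2") + b"\r\n"
    b"STAT\r\n"
    b"QUIT\r\n"
)

# Constructed session that upgrades to TLS with STLS (RFC 2595).  The bytes
# after STLS are a made-up TLS ClientHello prefix; everything from here on
# is ciphertext to a sniffer.
CONSTRUCTED_POP3_STLS_STREAM = (
    b"CAPA\r\n"
    b"STLS\r\n"
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"
)

USER_RE = re.compile(rb"^USER (\S+)\r?$", re.IGNORECASE)
PASS_RE = re.compile(rb"^PASS (.+?)\r?$", re.IGNORECASE)   # PASS may contain spaces
AUTH_PLAIN_RE = re.compile(rb"^AUTH PLAIN ([A-Za-z0-9+/=]+)\r?$", re.IGNORECASE)


def extract_pop3_credentials(client_stream: bytes) -> list[tuple[str, str]]:
    """Return (username, password) pairs visible in a plaintext POP3 client stream.

    Parsing stops at STLS because the remainder of the connection is TLS.
    """
    creds: list[tuple[str, str]] = []
    pending_user: str | None = None

    for line in client_stream.split(b"\n"):
        if line.upper().startswith(b"STLS"):
            break  # TLS handshake follows; nothing further is readable

        m = USER_RE.match(line)
        if m:
            pending_user = m.group(1).decode("ascii", "replace")
            continue

        m = PASS_RE.match(line)
        if m and pending_user is not None:
            creds.append((pending_user, m.group(1).decode("ascii", "replace")))
            pending_user = None
            continue

        m = AUTH_PLAIN_RE.match(line)
        if m:
            # SASL PLAIN payload is "authzid NUL authcid NUL password".
            try:
                parts = base64.b64decode(m.group(1), validate=True).split(b"\x00")
            except (ValueError, base64.binascii.Error):
                continue
            if len(parts) == 3:
                creds.append((parts[1].decode("ascii", "replace"),
                              parts[2].decode("ascii", "replace")))

    return creds


if __name__ == "__main__":
    for name, stream in (("USER/PASS", CONSTRUCTED_POP3_CLIENT_STREAM),
                         ("AUTH PLAIN", CONSTRUCTED_AUTH_PLAIN_STREAM),
                         ("STLS", CONSTRUCTED_POP3_STLS_STREAM)):
        print(name, "->", extract_pop3_credentials(stream))
```

Run against a real capture you would feed it the reassembled client-side TCP payload of port 110 flows; the point of the example is that the first two streams give up the password with a few lines of code, while the STLS session (or any POP3 carried inside the VPN tunnel) yields nothing.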