Windows VPN client trouble with L2TP and IPSEC

Flaggers
Member

Netgear FVS336Gv3 with a static public IP and VPN setup for L2TP.
Behind the BT Business Hub 3.0.
I have port forwarding on the Hub 3.0 for the existing service called IPSEC-IKE (I don't know what port that actually refers to; I assume it's 500),
and also port 1723, both forwarded to the Netgear VPN router.

I am unable to get a Windows VPN client (L2TP) or the Netgear ProSafe client software (IPSEC) to connect to the VPN, and the logs do not point me in any significant direction; that is, nothing appears in the logs, so I believe it could be an issue on the Hub 3.0.

Possibly it's something to do with a NAT device behind another NAT device? If so, is there a way to still use the Hub 3.0 with the Netgear behind it for L2TP? I already have a complex setup on the Hub 3.0 and I don't fancy replacing it.

ACCEPTED SOLUTION

spank
Grand Guru

In that case you will need to use the hub and Openreach modem with your firewall. Assign an IP manually to the firewall's WAN and turn off the firewall on the BT router. Should work.

 

Or invest in a DrayTek 2860 and use IP aliasing, which will allow the router to be assigned an IP in your static range.


11 REPLIES

markp
Grand Guru

Hi Flaggers,

An IPSEC-IKE VPN uses port 500; the BT WiFi hotspot signal also uses port 500. Have you made sure that the BT WiFi hotspot signal has been turned off?

Mark

Flaggers
Member

Yes, I have turned off the hotspot. I believe port 500 works fine, as I can get IPSEC site-to-site tunnels working; the problem is just with client-to-gateway setups.

I got a bit further: I saw that the Windows 7 VPN client was trying to connect out on port 1701 for L2TP, so I port-forwarded that on my Hub 3.0 to my Netgear. I can now see the connection attempt in the VPN logs on the Netgear.

I haven't ruled out that the Hub may still be stopping some traffic, given that I'm trying to use a VPN gateway behind the Hub instead of using it as a replacement. I have got a Netgear ticket on this as well.

Will post back what I find out. I still cannot get a Windows 7 built-in VPN connection using L2TP through the Hub to my Netgear.

Thanks.

spank
Grand Guru

Hi there,

Try removing port 1723 and use the pre-defined rule for PPTP. Normally the problem with VPN is the GRE47 protocol not being forwarded. The PPTP rule is specially configured to forward this protocol. Forwarding 1723 on its own is not enough.

Thanks

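Added example (not from any post in this thread, and not Netgear or BT code): the reason forwarding TCP 1723 on its own is not enough is that a port-forward rule matches on a TCP or UDP destination port, while PPTP's data channel is GRE (IP protocol 47), which has no ports at all; the same applies to IPsec ESP (protocol 50). The script below builds one minimal packet of each kind a PPTP or L2TP/IPsec client sends (constructed headers, not a capture) and reports which ones a router forwarding only the thread's "IPSEC-IKE" (UDP 500) and 1723 rules would drop. The flow tables, sample addresses and function names are my own.

```python
"""Which VPN packets a plain TCP/UDP port-forward can and cannot deliver.

Added example for this forum thread; not code from the posts, Netgear or BT.
Packets are constructed minimal IPv4 headers, not a real capture.
"""
import socket
import struct

PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50

# Flows a TCP/UDP port-forward rule *can* match (keyed on destination port).
VPN_FLOWS = {
    ("tcp", 1723): "PPTP control channel",
    ("udp", 500):  "IKE (ISAKMP) key exchange",
    ("udp", 4500): "IKE and ESP inside NAT-T UDP encapsulation",
    ("udp", 1701): "L2TP (visible to the router only when not inside ESP)",
}
# Traffic with no L4 port: a port-forward rule can never match it.
VPN_PROTOS = {
    PROTO_GRE: "PPTP data channel (GRE, IP protocol 47)",
    PROTO_ESP: "IPsec ESP (IP protocol 50)",
}


def ipv4_packet(proto, payload, src="203.0.113.10", dst="198.51.100.20"):
    """Minimal 20-byte IPv4 header (no options, checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp_syn(sport, dport):
    """20-byte TCP header with only the SYN flag set, no options."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def udp_datagram(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def classify(pkt):
    """Return the flow key and whether a port-based forward rule can match it."""
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = pkt[9]                     # IPv4 protocol field
    l4 = pkt[ihl:]
    if proto in (PROTO_TCP, PROTO_UDP):
        _sport, dport = struct.unpack("!HH", l4[:4])
        key = ("tcp" if proto == PROTO_TCP else "udp", dport)
        return {"key": key, "what": VPN_FLOWS.get(key, "not a VPN flow"), "has_port": True}
    return {"key": ("ip", proto), "what": VPN_PROTOS.get(proto, f"IP protocol {proto}"),
            "has_port": False}


def dropped_by_port_forward(packets, forwarded):
    """Names of packets a router forwarding only the ("tcp"|"udp", port) pairs
    in `forwarded` would fail to deliver to the VPN gateway behind it."""
    dropped = []
    for name, pkt in packets.items():
        c = classify(pkt)
        if not c["has_port"] or c["key"] not in forwarded:
            dropped.append(name)
    return dropped


# Constructed samples: one packet of each kind a client-to-gateway PPTP or
# L2TP/IPsec session produces, as the NAT router would see them inbound.
SAMPLES = {
    "pptp_control": ipv4_packet(PROTO_TCP, tcp_syn(51000, 1723)),
    "pptp_data":    ipv4_packet(PROTO_GRE, b"\x30\x01\x88\x0b" + bytes(8)),  # GRE v1, proto 0x880B (PPP)
    "ike":          ipv4_packet(PROTO_UDP, udp_datagram(500, 500)),
    "natt":         ipv4_packet(PROTO_UDP, udp_datagram(4500, 4500)),
    "esp":          ipv4_packet(PROTO_ESP, bytes(16)),
    "l2tp":         ipv4_packet(PROTO_UDP, udp_datagram(1701, 1701)),
}

if __name__ == "__main__":
    # The thread's starting configuration: "IPSEC-IKE" (UDP 500) and TCP 1723 only.
    thread_rules = {("udp", 500), ("tcp", 1723)}
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} {classify(pkt)['what']}")
    print("dropped with only 500/1723 forwarded:",
          dropped_by_port_forward(SAMPLES, thread_rules))
```

With only 500 and 1723 forwarded, the GRE, ESP, UDP 4500 and UDP 1701 samples all fail to reach the gateway; adding 1701 and 4500 still leaves GRE and ESP, which have no port to match and need a protocol pass-through such as the pre-defined PPTP rule mentioned above (or, for IPsec, NAT-T on UDP 4500).
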
Flaggers
Member

I have had the following reply from Netgear support when trying to troubleshoot the VPN connections through the Infinity connection:

"contact your ISP and ask if the modem connected to our router has NAT Traversal enabled. If there is, kindly ask if they could disable it as this can be the only reason why we can't establish this tunnel."

Is this something I can maybe change on the Openreach modem?

spank
Grand Guru

Are you using a static IP?

spank
Grand Guru

If there is NAT traversal enabled, it's not something you can change. I've never seen a setting for it, so I doubt very much there is one.

If you're using a Hub 3 with fibre then you should also have an Openreach modem. You could set the firewall up as PPPoE and connect it via the WAN port direct to the Openreach modem and remove the Hub 3 altogether.

Thanks

Flaggers
Member

Yeah, I thought that chasing down NAT Traversal seemed like a bit of a side quest.

Yes, I have an Openreach modem -> BT Hub 3 -> Netgear FVS336Gv3.

I also tried taking out the Hub and using the Netgear as the PPPoE, but it had different problems. VPN connections still did not work, so again that led me to think the modem could be the problem. Additionally, when I used the Netgear as the PPPoE, it was unable to use my static IP addressing correctly. I believe I ran into peer addressing issues where the Netgear had to be set to receive a dynamic address from BT, at which point I could add my own static IPs to the secondary addresses option within the Netgear, but these were not available for the VPN policies, which kept reverting to using the WAN1 address (dynamic) and were therefore not usable for what I want, which is a static site-to-site IPSEC VPN for two offices both with Infinity lines.

spank
Grand Guru

Have you tried a port scan? Is 1723 responding? http://www.t1shopper.com/tools/port-scan/

1723 should respond regardless of any other settings or compatibility issues. If this port is closed then focus on that before anything else.

You will only be affected by peer addressing if you're using multiple IPs, which opens up a whole other can of worms. If it's a site-to-site VPN then you only need one IP. Whether that has any bearing on anything I don't know.

The desk can change your IP package fairly quickly.

Thanks

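Added example (not from any post here, and not Netgear or BT code): the port-scan tool suggested above is a TCP check, so it can say whether TCP 1723 (PPTP) is reachable but nothing about UDP 500, 4500 or 1701, where L2TP/IPsec actually runs, and a closed or unforwarded UDP port simply stays silent. The script below sends a real IKEv1 Main Mode first message (header and SA payload laid out per RFC 2408/2409) to the gateway's public IP and reports whether anything answers; a gateway that is reachable but dislikes the proposal still replies with a notification, which is all a reachability check needs. The single 3DES/SHA1/PSK/group-2 proposal, the placeholder gateway address and the function names are assumptions of mine.

```python
"""UDP-side reachability probe for an L2TP/IPsec gateway (IKEv1 Main Mode).

Added example for this forum thread; not code from the posts, Netgear or BT.
Layout follows RFC 2408/2409.  The proposal is an assumed common one, not a
requirement of any particular gateway.
"""
import os
import socket
import struct

ISAKMP_VERSION = 0x10                      # IKEv1: major 1, minor 0
EXCH_MAIN_MODE = 2                         # Identity Protection exchange
PAYLOAD_NONE, PAYLOAD_SA, PAYLOAD_NOTIFY = 0, 1, 11
HEADER_LEN = 28
NATT_MARKER = b"\x00\x00\x00\x00"          # non-ESP marker that prefixes IKE on UDP 4500


def _attr(atype, value):
    """Basic ISAKMP attribute: 16-bit value, high bit of the type set."""
    return struct.pack("!HH", 0x8000 | atype, value)


def build_main_mode_probe(init_spi):
    """First Main Mode message: ISAKMP header + SA payload with one proposal."""
    attrs = (_attr(1, 5)          # encryption algorithm: 3DES-CBC
             + _attr(2, 2)        # hash algorithm: SHA1
             + _attr(3, 1)        # authentication method: pre-shared key
             + _attr(4, 2)        # group description: 1024-bit MODP (group 2)
             + _attr(11, 1)       # life type: seconds
             + _attr(12, 28800))  # life duration
    transform = struct.pack("!BBHBBH", PAYLOAD_NONE, 0, 8 + len(attrs),
                            1, 1, 0) + attrs              # transform #1, KEY_IKE
    proposal = struct.pack("!BBHBBBB", PAYLOAD_NONE, 0, 8 + len(transform),
                           1, 1, 0, 1) + transform        # proposal #1, PROTO_ISAKMP, no SPI, 1 transform
    sa = struct.pack("!BBHII", PAYLOAD_NONE, 0, 12 + len(proposal),
                     1, 1) + proposal                     # DOI = IPsec, SIT_IDENTITY_ONLY
    header = struct.pack("!8s8sBBBBII", init_spi, bytes(8), PAYLOAD_SA,
                         ISAKMP_VERSION, EXCH_MAIN_MODE, 0, 0, HEADER_LEN + len(sa))
    return header + sa


def parse_isakmp_header(data, init_spi):
    """Decode a reply header; None if it is not an ISAKMP reply to our probe."""
    if len(data) < HEADER_LEN:
        return None
    i_spi, r_spi, nxt, ver, exch, _flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:HEADER_LEN])
    if i_spi != init_spi or length > len(data):
        return None
    if nxt == PAYLOAD_SA:
        verdict = "IKE reachable: gateway accepted a proposal"
    elif nxt == PAYLOAD_NOTIFY:
        verdict = "IKE reachable: gateway answered with a notification (e.g. NO-PROPOSAL-CHOSEN)"
    else:
        verdict = f"IKE reachable: unexpected first payload {nxt}"
    return {"responder_spi": r_spi.hex(), "version": ver, "exchange": exch,
            "first_payload": nxt, "verdict": verdict}


def probe_ike(host, port=500, timeout=3.0):
    """Send one Main Mode message to host:port over UDP and decode any reply."""
    init_spi = os.urandom(8)
    msg = build_main_mode_probe(init_spi)
    marker = NATT_MARKER if port == 4500 else b""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.bind(("", port))      # some gateways only answer source port 500/4500
        except PermissionError:
            pass                    # unprivileged: fall back to an ephemeral source port
        s.sendto(marker + msg, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return {"verdict": f"no reply on UDP {port}: filtered, not forwarded, or gateway silent"}
    if marker and data.startswith(marker):
        data = data[len(marker):]
    return parse_isakmp_header(data, init_spi) or {"verdict": "reply was not a valid ISAKMP message"}


def tcp_port_open(host, port=1723, timeout=3.0):
    """The TCP 1723 (PPTP control) check the thread already discusses."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    gateway = "198.51.100.20"   # placeholder: the static public IP of the VPN router
    print("tcp/1723 open:", tcp_port_open(gateway))
    for p in (500, 4500):
        print(f"udp/{p}:", probe_ike(gateway, p)["verdict"])
```

Run it from outside the network against the public address: "no reply" on UDP 500 while a site-to-site tunnel works would point at the client-side path rather than the Hub; "no reply" on UDP 4500 with a reply on 500 means NAT-T is not being forwarded, which is what a Windows client behind its own NAT will need.
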
Flaggers
Member

A port scan shows that 1723 isn't responding.

I have port-forwarded it on the Hub but still nothing.

Will see about disabling the firewall on the Hub temporarily and see if I can get 1723 to open.

Yes, I have a block of 5 IPs, and 4 of them are currently assigned to servers directly in Windows TCP/IP settings (I did not want the Hub to DHCP-address them, for business reasons).

It seems like if I could assign one of my static IPs directly to my chosen Hub replacement, instead of this dynamic WAN to static IP mapping, that would solve my problem.

The search continues.

Thanks for all the replies; I appreciate it's not a standard scenario.