From: freewheeling@spamcoptail.net   
      
   Hi:   
      
   I'm attempting to set up a VPN connection between a work network and my   
   home network (or client computer on my home network).  (Eventually hope   
   to expand this for use of about 6 or 7 clients.)  On the work side   
   there's a Netgear FVS318 router.  On the home side a computer is running   
   Netgear's client software under Windows XP-Pro, which ought to make   
   things easy, but doesn't seem to.  There's also a Belkin wireless router   
   on the home site, with VPN pass-through.   
      
   It's not clear to me what I need to put in the IPSec Identifier sections   
   of the Netgear router at work.  I gather that the remote identifier (in   
   the Netgear router at work) needs to be the LAN address of the computer   
   that's running the Netgear Client software, but what is the local   
   identifier at work?  Why is it that when I use the "wizard" to set up   
   the network on the router it leaves the local IPSec identifier as   
   0.0.0.0?  Am I supposed to change that to the address assigned to the   
   router (typically, something like 192.168.0.1) or should it be set to   
   the WAN address, or just left 0.0.0.0?  Also, does it make a difference   
   whether I set this up from the office or home network?  I'm kind of   
   inferring that since the software at home is called a "client" that the   
   communication parameters will be established by the Netgear router, but   
   I'm a little puzzled about that.  Does the distinction between client   
   and (server?) really matter in this case?   
      
   I should add that I'd also like to set up a connection with my MacBook   
   at home, but does that need to be a completely separate connection in   
   the work router, since it will have a different identifier?  If I want   
   to set things up so I can connect using my MacBook from any location am   
   I supposed to use the MAC address as the remote identifier?  If not, how   
   do you set up such a "wandering" VPN connection?   
      
   This stuff just seems far more inscrutable than it has to be.  If the   
   "identifier" has to be a dot4 address, why don't they just say that?  If   
   it can be a MAC address why don't they tell me?  If it's really supposed   
   to be unique (not mentioned anywhere else in the VPN definition) can it   
   just be any random name?   
      
   In general I think that whatever the local and remote identifiers are at   
   the initiation (server?) site those have to be reversed for the client   
   at my home site (or my wandering MacBook).  Is that right?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)