Pirax wrote:
IKE Policy:
Direction / Type: Responder
Exchange Mode: Aggressive
Local Identifier Type: FQDN
Remote Identifier Type: User-FQDN
.
.
.
2008 Nov 13 09:29:14 [FVS338] [IKE] Failed to resolve remote FQDN "mobile". Backing off resolution for 4 seconds._
I came across your post looking for posts about how well the FVS338 works with OS X clients; I am interested in purchasing one to replace a Linksys VPN box.
IPSEC is annoyingly difficult to get to work with Apple Products, though it can be done with actual Macs. I never figured out how to get an actual working IPSEC tunnel working with my iPhone to a Linksys router using IPSEC.
While the iPhone supposedly supports Cisco VPN, it appears to be only account based VPN (you need a user name and personal password in addition to the group and secret keys). My Linksys WRVS4400N (a Cisco product) doesn't support that type of connection, so I doubt your Netgear product does.
That aside, you have a problem with your settings:
You can't use FQDN as the identification type. FQDN (Fully Qualified Domain Name) for remote identifier would require your iPhone's IP address to resolve to a domain name. It looks like you put the value "mobile" in that parameter. That value needs to be in the mydomain.com type format to work properly, doesn't it? Your iPhone won't have any such DNS record unless you setup a DynDNS account and somehow keep it pointed to your iPhone's current IP address. (I can think of a way to do that, but it would be a pain in the butt unless our iPhone's keep the same IP address from AT&T all the time, which I am sure they do not.)
Anyways, I suspect you'll never get it to work with those identifier settings; you'll need to set it up to "any" if your VPN supports that.
It looks like the only solution would be to set the VPN box to passthrough L2TP or PPTP traffic and setup a server for those connections behind the FVS338. An inexpensive Linksys WRT54 with one of the open source firmwares would do the trick nicely.