I have a NetGear UTM firewall and a Windows machine running NetGear's VPN client.

The Windows machine I can put on the UTM network and take off of it.

When I am cabled into the local (internal) the following configuration works:

UTM:
Local Id: Local Wan IP: (The UTM's WAN IP address)
Remote Id: User FQDN: utm_remote1.com

Client:
Local Id: DNS: utm_remote1.com
Remote Id:  (The UTM's WAN IP address)

Gateway authentication: preshared key

Policy remote endpoint: FQDN: utm_remote1.com

But when I'm off the UTM's internal local network and simply coming in from the internet, this does not work. It simply repeats SEND phase 1 before giving up.

Since I know that the UTM WAN IP is accessible from both inside and outside the network, I figured the problem was with the Client local id. So, I tried the following:

UTM:
Local Id: Local Wan IP: (The UTM's WAN IP address)
Remote Id: (A DN of a self-signed certificate I created for the client and uploaded into the UTM certificates)

Client:
Local Id:  (The DN of the aforementioned self signed cert)
Remote Id:  (The UTM's WAN IP address)

Gateway authentication: (the aforementioned self signed cert)

Policy remote end point: ... er, ... my choices are IP and FQDN.... Not sure what to put here

No matter what I've tried, it just keeps repeating the SEND phase 1.

Any ideas?