You'll need to upgrade to 4_15.03 client and load the latest version 4 software on the switch. Then you'll need to configure "split tunneling" and "nat traversal" on the switch. The Nortel doc's are well written with instructions on doing this. Keep in mind that the port your decided to use for "nat traversal" on the switch must be opened on the ISA for you to connect. This could explain why you can authenticate but can't communicate. Greg -----Original Message----- From: Scott Sandeman [mailto:sandeman@xxxxxxxxxxxxxxxxxxxxx] Sent: Monday, April 08, 2002 2:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] IPSEC (Nortel Client behind V4.05 BEHIND NAT) http://www.ISAserver.org Hello all I have been a member of this list for a while and it has proven informative. Though this question is not directly associated with ISA, I thought that there was no better list to post this question. Now that the buttering up is done.. Here we go. I have a small client that uses the Nortel VPN Client against a Nortel Contivity 1500 "switch". The client tests many platforms from home and use WinRoute Pro v4.1 at each employee's home to enable them to connect to the internet from several machines at once. They would like to be able to connect to the Contivty from behind a NAT from each Home Office. Do you have any suggestions. WinroutePro is capable of Packet filtering and port mappings to specific internal IP's. Currently I am able to connect to the "server" and get an IP assigned to the client though I can transmit no traffic to the server after authentication. Any ideas.. Cheers Scott -- Scott Sandeman Operations Manager Northern Media Solutions sandeman@xxxxxxxxxxxxxxxxxxxx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')