Hmm, Though I am not using ISA the new software might help. They have an upgrade policy with Nortel, so perhaps I can get the new software for client and switch. However in the current config (Switch 2.6 and client 2.62) I can get authentication from behind the NAT.. But again I get no traffic after that. So if I set up for "split tunneling" & "nat traversal" perhaps that might alleviate the prob. I am mapping ports 50 and 51... Any idea if this is right... ?.. Is it that the NAT it "tagging" all traffic and the Contivity doesn't like that.. ? I dunno.. Just grasping at straws I guess. -- Scott Sandeman Operations Manager Northern Media Solutions sandeman@xxxxxxxxxxxxxxxxxxxx > http://www.ISAserver.org > > > You'll need to upgrade to 4_15.03 client and load the latest version 4 > software on the switch. > > Then you'll need to configure "split tunneling" and "nat traversal" on the > switch. The Nortel doc's are well written with > instructions on doing this. > > Keep in mind that the port your decided to use for "nat traversal" on the > switch must be opened on the ISA for you to connect. This > could explain why you can authenticate but can't communicate. > > > Greg > > > -----Original Message----- > From: Scott Sandeman [mailto:sandeman@xxxxxxxxxxxxxxxxxxxxx] > Sent: Monday, April 08, 2002 2:07 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] IPSEC (Nortel Client behind V4.05 BEHIND NAT) > > > http://www.ISAserver.org > > > Hello all > > I have been a member of this list for a while and it has proven > informative. Though this question is not directly associated with ISA, I > thought that there was no better list to post this question. > > Now that the buttering up is done.. Here we go. > > I have a small client that uses the Nortel VPN Client against a Nortel > Contivity 1500 "switch". The client tests many platforms from home and use > WinRoute Pro v4.1 at each employee's home to enable them to connect to the > internet from several machines at once. They would like to be able to > connect to the Contivty from behind a NAT from each Home Office. > > Do you have any suggestions. WinroutePro is capable of Packet filtering and > port mappings to specific internal IP's. > > Currently I am able to connect to the "server" and get an IP assigned to the > client though I can transmit no traffic to the server after authentication. > > Any ideas.. > > Cheers > Scott > > -- Scott Sandeman > Operations Manager > Northern Media Solutions > sandeman@xxxxxxxxxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > greg.foulks@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > sandeman@xxxxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') >