RE: IPSEC (Nortel Client behind V4.05 BEHIND NAT)

  • From: Scott Sandeman <sandeman@xxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 08 Apr 2002 13:34:47 -0500

Hmm,

    Though I am not using ISA the new software might help. They have an
upgrade policy with Nortel, so perhaps I can get the new software for client
and switch.

    However in the current config (Switch 2.6 and client 2.62) I can get
authentication from behind the NAT.. But again I get no traffic after that.
So if I set up for "split tunneling" & "nat traversal" perhaps that might
alleviate the prob.
I am mapping ports 50 and 51... Any idea if this is right... ?.. Is it that
the NAT is "tagging" all traffic and the Contivity doesn't like that.. ?

I dunno.. Just grasping at straws I guess.

-- Scott Sandeman
Operations Manager
Northern Media Solutions
sandeman@xxxxxxxxxxxxxxxxxxxx



> http://www.ISAserver.org
> 
> 
> You'll need to upgrade to 4_15.03 client and load the latest version 4
> software on the switch.
> 
> Then you'll need to configure "split tunneling" and "nat traversal" on the
> switch. The Nortel docs are well written with
> instructions on doing this.
> 
> Keep in mind that the port you decided to use for "nat traversal" on the
> switch must be opened on the ISA for you to connect. This
> could explain why you can authenticate but can't communicate.
> 
> 
> Greg
> 
> 
> -----Original Message-----
> From: Scott Sandeman [mailto:sandeman@xxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, April 08, 2002 2:07 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] IPSEC (Nortel Client behind V4.05 BEHIND NAT)
> 
> 
> 
> Hello all
> 
>   I have been a member of this list for a while and it has proven
> informative. Though this question is not directly associated with ISA, I
> thought that there was no better list to post this question.
> 
> Now that the buttering up is done.. Here we go.
> 
> I have a small client that uses the Nortel VPN Client against a Nortel
> Contivity 1500 "switch". The client tests many platforms from home and uses
> WinRoute Pro v4.1 at each employee's home to enable them to connect to the
> internet from several machines at once. They would like to be able to
> connect to the Contivity from behind a NAT from each Home Office.
> 
> Do you have any suggestions? WinRoute Pro is capable of packet filtering and
> port mappings to specific internal IPs.
> 
> Currently I am able to connect to the "server" and get an IP assigned to the
> client though I can transmit no traffic to the server after authentication.
> 
> Any ideas..
> 
> Cheers
> Scott
> 
> -- Scott Sandeman
> Operations Manager
> Northern Media Solutions
> sandeman@xxxxxxxxxxxxxxxxxxxx
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> greg.foulks@xxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> 
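
An added example, not part of the original thread or any Nortel or WinRoute tooling: a Python check of a NAT device's allow/forward rules against what an IPsec client needs, reproducing the symptom discussed above (authentication succeeds, no traffic follows). It assumes IKE on UDP 500 and ESP/AH as IP protocols 50/51; the rule format, the sample rules and the NAT traversal port 10001 are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# IANA numbers: ESP and AH are IP *protocols* (50, 51), not TCP/UDP ports.
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51
IKE_PORT = 500  # IKE (the authentication phase) runs over UDP 500


@dataclass(frozen=True)
class Rule:
    """One allow/forward rule on the NAT device (hypothetical format)."""
    ip_proto: int
    port: Optional[int] = None  # None = any port, or a protocol without ports


def allowed(rules, ip_proto, port=None):
    """True if some rule permits this IP protocol (and port, where one applies)."""
    return any(r.ip_proto == ip_proto and (r.port is None or r.port == port)
               for r in rules)


def diagnose(rules, natt_udp_port=None):
    """Return (ike_ok, data_ok, note) for an IPsec client behind this NAT."""
    ike_ok = allowed(rules, PROTO_UDP, IKE_PORT)
    if natt_udp_port is not None:
        # NAT traversal wraps ESP in UDP, so the data path is that UDP port.
        data_ok = allowed(rules, PROTO_UDP, natt_udp_port)
        path = f"UDP/{natt_udp_port} (NAT traversal)"
    else:
        # Plain ESP carries no port numbers; it needs protocol-50 passthrough.
        data_ok = allowed(rules, PROTO_ESP)
        path = "IP protocol 50 (ESP)"
    if not ike_ok:
        note = "IKE on UDP/500 is not permitted: authentication will fail"
    elif not data_ok:
        note = f"authenticates but carries no traffic: {path} is not permitted"
    else:
        note = "ok"
    return ike_ok, data_ok, note


# Constructed rules: UDP 500 open, plus TCP/UDP *ports* 50 and 51 mapped.
PORT_MAPPED = [Rule(PROTO_UDP, IKE_PORT)] + [
    Rule(p, n) for p in (PROTO_TCP, PROTO_UDP) for n in (50, 51)]

if __name__ == "__main__":
    print(diagnose(PORT_MAPPED))                      # no ESP path
    print(diagnose(PORT_MAPPED, natt_udp_port=10001))  # NAT-T port still closed
    print(diagnose(PORT_MAPPED + [Rule(PROTO_UDP, 10001)], natt_udp_port=10001))
```
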