Ah... Ok . I'll try that... Thx Greg... Cheers -- Scott Sandeman Operations Manager Northern Media Solutions sandeman@xxxxxxxxxxxxxxxxxxxx > http://www.ISAserver.org > > > Not port 50 > > I mean enable protocol 50 > > Sorry! > > -----Original Message----- > From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] > Sent: Monday, April 08, 2002 2:44 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: IPSEC (Nortel Client behind V4.05 BEHIND NAT) > > > http://www.ISAserver.org > > > IPSEC does not like traffic that has been NAT'd > > You can remove port 51. You only need to enable port 50 this is what is used > to authenticate to switch via IKE > > You can't communicate past the switch because NAT traversal is not setup to > allow the ISA server to send it's data using UDP. > > I've been thru this heart ache.. It took a couple of months to get everything > figured out. Once I upgraded the switch and client, > enabled NAT traversal, defined the port to use for UDP and set up the split > tunnel to secure the switch it all works as advertised. > > Greg > > > -----Original Message----- > From: Scott Sandeman [mailto:sandeman@xxxxxxxxxxxxxxxxxxxxx] > Sent: Monday, April 08, 2002 2:35 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: IPSEC (Nortel Client behind V4.05 BEHIND NAT) > > > http://www.ISAserver.org > > > Hmm, > > Though I am not using ISA the new software might help. They have an > upgrade policy with Nortel, so perhaps I can get the new software for client > and switch. > > However in the current config (Switch 2.6 and client 2.62) I can get > authentication from behind the NAT.. But again I get no traffic after that. > So if I set up for "split tunneling" & "nat traversal" perhaps that might > alleviate the prob. > I am mapping ports 50 and 51... Any idea if this is right... ?.. Is it that > the NAT it "tagging" all traffic and the Contivity doesn't like that.. ? > > I dunno.. Just grasping at straws I guess. > > -- Scott Sandeman > Operations Manager > Northern Media Solutions > sandeman@xxxxxxxxxxxxxxxxxxxx > > > >> http://www.ISAserver.org >> >> >> You'll need to upgrade to 4_15.03 client and load the latest version 4 >> software on the switch. >> >> Then you'll need to configure "split tunneling" and "nat traversal" on the >> switch. The Nortel doc's are well written with >> instructions on doing this. >> >> Keep in mind that the port your decided to use for "nat traversal" on the >> switch must be opened on the ISA for you to connect. This >> could explain why you can authenticate but can't communicate. >> >> >> Greg >> >> >> -----Original Message----- >> From: Scott Sandeman [mailto:sandeman@xxxxxxxxxxxxxxxxxxxxx] >> Sent: Monday, April 08, 2002 2:07 PM >> To: [ISAserver.org Discussion List] >> Subject: [isalist] IPSEC (Nortel Client behind V4.05 BEHIND NAT) >> >> >> http://www.ISAserver.org >> >> >> Hello all >> >> I have been a member of this list for a while and it has proven >> informative. Though this question is not directly associated with ISA, I >> thought that there was no better list to post this question. >> >> Now that the buttering up is done.. Here we go. >> >> I have a small client that uses the Nortel VPN Client against a Nortel >> Contivity 1500 "switch". The client tests many platforms from home and use >> WinRoute Pro v4.1 at each employee's home to enable them to connect to the >> internet from several machines at once. They would like to be able to >> connect to the Contivty from behind a NAT from each Home Office. >> >> Do you have any suggestions. WinroutePro is capable of Packet filtering and >> port mappings to specific internal IP's. >> >> Currently I am able to connect to the "server" and get an IP assigned to the >> client though I can transmit no traffic to the server after authentication. >> >> Any ideas.. >> >> Cheers >> Scott >> >> -- Scott Sandeman >> Operations Manager >> Northern Media Solutions >> sandeman@xxxxxxxxxxxxxxxxxxxx >> >> >> >> >> >> >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> greg.foulks@xxxxxxxx >> To unsubscribe send a blank email to $subst('Email.Unsub') >> >> >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> sandeman@xxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send a blank email to $subst('Email.Unsub') >> > > > > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > greg.foulks@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > greg.foulks@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > sandeman@xxxxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') >