Nortel Extranet, VPN Passthrough, NAT & DG834G

Archived from groups: comp.dcom.vpn

I know that this is a topic that has been discussed before... but I'm still
having problems here. I have a Netgear DG834G (AP, ADSL modem and router,
firewall combo) and am trying to access work through Nortel EAC (Contivity
Switch environment). The problem relates to the EAC making an initial
connection and then "Checking for banner text" followed by "Secure
connection has been lost......". From reading previous posts, I have
checked that NAT traversal is turned on on the Contivity, checked the port
used for NAT traversal and have configured the Netgear for IPsec forwarding,
Contivity port forwarding etc... Still no go! Has anyone successfully run a
similar environment? EAC is Version 4_65.320 and firmware of DG834G is
1.04.01.

Any suggestions gratefully accepted.

Cheers
Wayne
  1. Archived from groups: comp.dcom.vpn

    Further info here... the Contivity Switch is showing that the tunnel is
    being terminated by my client (behind the DG834G) and a TCPDUMP of the
    communication to the Contivity switch shows NAT Keepalives being sent by my
    client to the switch with the switch responding with IPSec traffic closely
    followed by an "unreachable" error relating to the client. To be descriptive,
    my client sends a whole pile of UDP packets to the switch from a high port
    value (e.g. 1578) followed by Phase 2 isakmp packet from again a high port
    (e.g. 1580) to UDP 500 on the switch. The switch responds with two Phase 2
    isakmp packets destined to the source port (1580) on my client and then
    quickly follows with a "udp port 1580 unreachable".

    Is anyone able to tell me if this means that my Netgear box is "dropping
    packets" required for the session to continue. Note that all ports are
    forwarded by a rule in the Netgear (supposedly).

    I am assuming that my client terminates the link because of the lack of
    response from the switch?

    Any help from anyone, suggestions?
  2. Archived from groups: comp.dcom.vpn

    Your Netgear is blocking the return packet. Netgear equipment has had a
    number of issues with IPSEC and a few years ago I had the pleasure of being
    told by them that they don't support the full IPSEC RFC.

    If you can, try another router to confirm, or test without the router to see
    if it is your ISP. Some ISPs do funny NAT stuff as well.

    Raymond Dias
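
The capture pattern discussed in this thread (replies to the client's high port, then "udp port 1580 unreachable") can be checked for mechanically. The following is an added example, not code from any poster: it pairs each ICMP port-unreachable with the UDP replies it rejects. The capture lines, addresses and keepalive port are constructed, and it assumes the "unreachable" was sent from the client side back to the switch, which the post does not state.

```python
import re

# Constructed tcpdump-style lines using documentation addresses; they mirror
# the sequence described in the thread and are not the poster's capture.
# 203.0.113.7 = client's public (NAT) address, 198.51.100.20 = VPN switch.
# UDP port 10001 for the keepalive is a constructed value.
SAMPLE = """\
10:00:01.000000 IP 203.0.113.7.1578 > 198.51.100.20.10001: UDP, length 1
10:00:02.000000 IP 203.0.113.7.1580 > 198.51.100.20.500: isakmp: phase 2/others ? inf[E]
10:00:02.050000 IP 198.51.100.20.500 > 203.0.113.7.1580: isakmp: phase 2/others ? inf[E]
10:00:02.060000 IP 198.51.100.20.500 > 203.0.113.7.1580: isakmp: phase 2/others ? inf[E]
10:00:02.120000 IP 203.0.113.7 > 198.51.100.20: ICMP 203.0.113.7 udp port 1580 unreachable, length 36
"""

UDP_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): ")
ICMP_RE = re.compile(
    r"^(\S+) IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")

def to_secs(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def find_rejected_replies(capture, window=1.0):
    """Pair each ICMP 'udp port N unreachable' with the UDP packets it rejects."""
    packets, findings = [], []  # packets: (time, src, sport, dst, dport)
    for line in capture.splitlines():
        icmp = ICMP_RE.match(line)
        if icmp:
            ts, rejector, peer, port = icmp.groups()
            now = to_secs(ts)
            hits = [p for p in packets if p[1] == peer and p[3] == rejector
                    and p[4] == port and 0 <= now - p[0] <= window]
            if hits:
                findings.append({
                    "rejected_port": int(port),
                    "rejected_by": rejector,
                    "replies": len(hits),
                    # True when the rejecting side had itself sent from this
                    # port, i.e. the reply belonged to a live exchange.
                    "port_was_in_use": any(p[1] == rejector and p[2] == port
                                           and p[3] == peer for p in packets),
                })
            continue
        udp = UDP_RE.match(line)
        if udp:
            ts, src, sport, dst, dport = udp.groups()
            packets.append((to_secs(ts), src, sport, dst, dport))
    return findings

if __name__ == "__main__":
    for finding in find_rejected_replies(SAMPLE):
        print(finding)
```

A finding with `port_was_in_use` set means a reply to a port the client had just sent from was refused, which is the symptom Raymond attributes to the router blocking the return packet.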