Nortel Extranet, VPN Passthrough, NAT & DG834G

Guest
Archived from groups: comp.dcom.vpn

I know that this is a topic that has been discussed before....but I'm still
having problems here. I have a Netgear DG834G (AP, ADSL modem and router,
firewall combo) and am trying to access work through Nortel EAC (Contivity
Switch environment). The problem relates to the EAC making an initial
connection and then "Checking for banner text" followed by "Secure
connection has been lost......". From reading previous posts - I have
checked that NAT traversal is turned on on the Contivity, checked the port
used for NAT traversal and have configured the Netgear for IPsec forwarding,
Contivity port forwarding etc....Still no go! Has anyone successfully run a
similar environment? EAC is Version 4_65.320 and firmware of DG834G is
1.04.01.

Any suggestions gratefully accepted.

Cheers
Wayne
 
Guest

Further info here....the Contivity Switch is showing that the tunnel is
being terminated by my client (behind the DG834G) and a TCPDUMP of the
communication to the Contivity switch shows NAT Keepalives being sent by my
client to the switch with the switch responding with IPSec traffic closely
followed by an "unreachable" error relating to the client. To be descriptive,
my client sends a whole pile of UDP packets to the switch from a high port
value (e.g. 1578) followed by Phase 2 isakmp packet from again a high port
(e.g. 1580) to UDP 500 on the switch. The switch responds with two Phase 2
isakmp packets destined to the source port (1580) on my client and then
quickly follows with a "udp port 1580 unreachable".

Is anyone able to tell me if this means that my Netgear box is "dropping
packets" required for the session to continue? Note that all ports are
forwarded by a rule in the Netgear (supposedly).

I am assuming that my client terminates the link because of the lack of
response from the switch?

Any help from anyone, suggestions?


"Wayne Kupfer" <kupferNOSPAM@ozemail.com.au> wrote in message
news:d4khc.18$Rk4.1431@nnrp1.ozemail.com.au...
> I know that this is a topic that has been discussed before....but I'm still
> having problems here. I have a Netgear DG834G (AP, ADSL modem and router,
> firewall combo) and am trying to access work through Nortel EAC (Contivity
> Switch environment). The problem relates to the EAC making an initial
> connection and then "Checking for banner text" followed by "Secure
> connection has been lost......". From reading previous posts - I have
> checked that NAT traversal is turned on on the Contivity, checked the port
> used for NAT traversal and have configured the Netgear for IPsec forwarding,
> Contivity port forwarding etc....Still no go! Has anyone successfully run a
> similar environment? EAC is Version 4_65.320 and firmware of DG834G is
> 1.04.01.
>
> Any suggestions gratefully accepted.
>
> Cheers
> Wayne
 
Guest

Your Netgear is blocking the return packet. Netgear equipment has had a
number of issues with IPSEC and a few years ago I had the pleasure of being
told by them that they don't support the full IPSEC RFC.

If you can, try another router to confirm, or test without the router to see
if it is your ISP. Some ISPs do funny NAT stuff as well.

Raymond Dias

"Wayne Kupfer" <kupferNOSPAM@ozemail.com.au> wrote in message
news:Gtthc.116$Rk4.6254@nnrp1.ozemail.com.au...
> Further info here....the Contivity Switch is showing that the tunnel is
> being terminated by my client (behind the DG834G) and a TCPDUMP of the
> communication to the Contivity switch shows NAT Keepalives being sent by my
> client to the switch with the switch responding with IPSec traffic closely
> followed by an "unreachable" error relating to the client. To be descriptive,
> my client sends a whole pile of UDP packets to the switch from a high port
> value (e.g. 1578) followed by Phase 2 isakmp packet from again a high port
> (e.g. 1580) to UDP 500 on the switch. The switch responds with two Phase 2
> isakmp packets destined to the source port (1580) on my client and then
> quickly follows with a "udp port 1580 unreachable".
>
> Is anyone able to tell me if this means that my Netgear box is "dropping
> packets" required for the session to continue? Note that all ports are
> forwarded by a rule in the Netgear (supposedly).
>
> I am assuming that my client terminates the link because of the lack of
> response from the switch?
>
> Any help from anyone, suggestions?
>
>
> "Wayne Kupfer" <kupferNOSPAM@ozemail.com.au> wrote in message
> news:d4khc.18$Rk4.1431@nnrp1.ozemail.com.au...
> > I know that this is a topic that has been discussed before....but I'm still
> > having problems here. I have a Netgear DG834G (AP, ADSL modem and router,
> > firewall combo) and am trying to access work through Nortel EAC (Contivity
> > Switch environment). The problem relates to the EAC making an initial
> > connection and then "Checking for banner text" followed by "Secure
> > connection has been lost......". From reading previous posts - I have
> > checked that NAT traversal is turned on on the Contivity, checked the port
> > used for NAT traversal and have configured the Netgear for IPsec forwarding,
> > Contivity port forwarding etc....Still no go! Has anyone successfully run a
> > similar environment? EAC is Version 4_65.320 and firmware of DG834G is
> > 1.04.01.
> >
> > Any suggestions gratefully accepted.
> >
> > Cheers
> > Wayne
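
Added example, not part of the original thread: a Python check for the capture pattern described above, where UDP replies to a client port are followed shortly by an ICMP "udp port N unreachable" for that same port. The sample lines are constructed in the style of `tcpdump -n` text output; the addresses are documentation ranges and the NAT traversal port is a placeholder, and only ports 1578, 1580 and 500 come from the thread. It assumes the capture point sees both the replies and the ICMP error.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (not from the thread): 192.0.2.20 stands for the client's
# public address, 203.0.113.10 for the switch, 10001 is a placeholder port.
SAMPLE = """\
10:15:01.100000 IP 192.0.2.20.1578 > 203.0.113.10.10001: UDP, length 1
10:15:02.200000 IP 192.0.2.20.1580 > 203.0.113.10.500: isakmp: phase 2/others ? oakley-quick[E]
10:15:02.260000 IP 203.0.113.10.500 > 192.0.2.20.1580: isakmp: phase 2/others ? oakley-quick[E]
10:15:02.300000 IP 203.0.113.10.500 > 192.0.2.20.1580: isakmp: phase 2/others ? oakley-quick[E]
10:15:02.340000 IP 192.0.2.20 > 203.0.113.10: ICMP 192.0.2.20 udp port 1580 unreachable, length 120
"""

ICMP_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP (\S+) udp port (\d+) unreachable")
UDP_RE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")


def _ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")


def find_rejected_replies(capture, window=timedelta(seconds=2)):
    """Pair each ICMP 'udp port N unreachable' with the UDP replies it rejects."""
    seen, findings = [], []
    for line in capture.splitlines():
        icmp = ICMP_RE.match(line)
        if icmp:  # test ICMP first: UDP_RE would misread the last octet as a port
            when, reporter, peer, host, port = icmp.groups()
            hits = [u for u in seen
                    if u["src"] == peer and u["dst"] == host
                    and u["dport"] == int(port) and _ts(when) - u["ts"] <= window]
            if hits:
                findings.append({
                    "port": int(port), "reported_by": reporter,
                    "rejected_replies": len(hits),
                    "isakmp": all("isakmp" in u["info"] for u in hits),
                })
            continue
        udp = UDP_RE.match(line)
        if udp:
            when, src, sport, dst, dport, info = udp.groups()
            seen.append({"ts": _ts(when), "src": src, "dst": dst,
                         "dport": int(dport), "info": info})
    return findings


if __name__ == "__main__":
    for finding in find_rejected_replies(SAMPLE):
        print(finding)
```

A finding means the replies reached the reporting address but nothing there accepted them on that port, which is the point to compare against the router's NAT and forwarding state.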