Client termination to Nortel BSR222

[rkaufman]

I've recently put a BSR222 into service after configuring it in a lab and testing it with actual IP addressing and IPSec settings. Both client termination and BOT worked properly before leaving the lab. Now, when trying to connect remotely, the Nortel VPN client (ver. 7.01) appears to connect, check for banner text, then dumps, saying the secure connection has been lost. Has anyone had a similar experience, and if so, do you have any suggestions for fixing it?

Thanks

 

[biv343]

I haven't worked on a BSR device yet, but on the Contivity family of products you can enable IPSEC NAT traversal, specify another UDP port and that resolves the issue. If I remember correctly, it has to do with the firewall you're behind not passing the IPSEC protocols properly.

I'm not familiar with the BSR 222 to know if that is an option or not, but it may be worth investigating.

 

[rkaufman]

Thanks biv343, yes, the BSR222 does have the option to enable NAT Traversal like the NVR. I enabled it during the config for port 10001. Problem still persists.

 

[SharpAdam]

Check your client side firewall. I've done this before with a BCM50a (same interface as the BSR222). Make sure compression is turned off. I have perfect forward secrecy turned off. I think you might also have to change firewall settings on the BSR - but I can't remember exactly what.