Connection VPN (clients) to a Nortel VPN

Status
Not open for further replies.

StoneEdge

IS-IT--Management
Jan 18, 2005
15
PT
««Moved from BPN Forum»»
Hi all

I have a problem with connecting more than one PC to a Nortel VPN.
I can connect one PC to a Nortel VPN (through PPTP, using a Microsoft VPN connection). But when I try to connect another PC (on the same network, and using the same router) I get an error on the second connection. I get VPN error 651 or 609.

The problem is using NAT to the Nortel and using the same public IP. The Nortel opens a tunnel to the first connection, but blocks the second connection.

How can I configure the Nortel to pass more than one connection (through a VPN tunnel) using the same router (public IP)? I need to have more than 5 simultaneous connections.

Many Tks

Stone

StoneEdge
NetVitorianos Technologies Administrator
 
Have you considered doing a small branch office tunnel instead? If you do, you will use one tunnel that all the users can get through. This is more typical than deploying multiple single clients at the same LAN.

What router are you using on the small LAN and what NAT configuration are you using?

 
Hi HungryHouse

Can you give more information about that tunnel on the client? I am connecting to the VPN with the Microsoft VPN Client, and the gateway is my Internet router.

We are using the Linksys BEFSR41 V3

But I have tried from different locations and from different routers.
From the office the router is a Linksys, from another office it is a Cisco, and from my home it is a US Robotics Model # 8004, 1.11 01. All give me the same errors.



StoneEdge
NetVitorianos Technologies Administrator
 
Hi Nortel

Can you give me an example?

StoneEdge
NetVitorianos Technologies Administrator
 
In a typical NAT you have an inside source translated to a public source. When you have only one public NAT IP, you need to map multiple inside sources to one public. With port mapping an inside source is mapped to a public IP:port combination.

So if your public IP is 1.1.1.1 and your internal LAN is 192.168.0.0/24, you would have:

192.168.0.1 => 1.1.1.1:1200
192.168.0.2 => 1.1.1.1:1201
192.168.0.3 => 1.1.1.1:1202

I am not sure if this is your problem, but if you are connecting multiple clients from the same network, use the branch office mode instead.

peace
 
The above posters are correct that a branch office tunnel would be a better solution here, assuming you had a local device capable of setting one up with the Contivity.

If you do not you'll be forced to set up multiple client tunnels as you have already attempted.

Here's an alternate solution for you. If you are not for some reason set on using PPTP, you can set up IPSEC tunnels using the Nortel Contivity Client. I say this only because I don't know if the same can be accomplished with PPTP - it may well be possible.

To do this, you need to enable NAT Traversal on the Contivity itself. The first client tunnel is set up using UDP port 500, then moved to a random port. This is important because it allows another client to use UDP port 500 to set up the next tunnel. It is then moved to another random port. Without NAT Traversal enabled, the port is never moved from port 500, preventing another tunnel from doing its key exchange, preventing it from coming up.
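
A simplified model of the port-mapping NAT discussed in this thread, as an added example that is not code from any poster: it shows why port-less tunnel data (PPTP's GRE, raw ESP) from a second client collides behind one public IP, while UDP-encapsulated IPsec (NAT Traversal) does not. The `PatRouter` model, the server address 203.0.113.10 and the source port 49152 are constructed assumptions; a router with a VPN passthrough helper behaves differently.

```python
from dataclasses import dataclass, field

# IANA IP protocols: GRE = 47 (PPTP data channel), ESP = 50 (IPsec data). Neither has ports.
PORTLESS = {"gre", "esp"}

@dataclass
class PatRouter:
    """Hypothetical port-translating NAT: one public IP, no VPN passthrough helper."""
    public_ip: str
    next_port: int = 1200
    port_map: dict = field(default_factory=dict)  # (proto, inside ip, src port, server) -> public port
    portless: dict = field(default_factory=dict)  # (proto, server) -> inside ip owning the flow

    def outbound(self, proto, in_ip, server, src_port=None):
        """Return (public ip, public port), or None if the flow cannot be multiplexed."""
        if proto in PORTLESS:
            # No port to rewrite: replies from `server` can reach one inside host only.
            owner = self.portless.setdefault((proto, server), in_ip)
            return (self.public_ip, None) if owner == in_ip else None
        key = (proto, in_ip, src_port, server)
        if key not in self.port_map:
            self.port_map[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.port_map[key])

# Flows one client opens, as (protocol, source port). 49152 is a constructed ephemeral port.
FLOWS = {
    "pptp": [("tcp", 49152), ("gre", None)],      # control to server TCP 1723, then GRE data
    "ipsec": [("udp", 500), ("esp", None)],       # IKE, then raw ESP data
    "ipsec-natt": [("udp", 500), ("udp", 4500)],  # IKE, then ESP carried inside UDP 4500
}

def connect(nat, client, server, mode):
    """True if every flow the tunnel needs received a usable NAT mapping."""
    return all(nat.outbound(proto, client, server, port) is not None
               for proto, port in FLOWS[mode])

def simulate(mode, clients=("192.168.0.1", "192.168.0.2", "192.168.0.3")):
    """Connect each inside client in turn to the same VPN server through one NAT."""
    nat = PatRouter("1.1.1.1")
    return [connect(nat, c, "203.0.113.10", mode) for c in clients]

if __name__ == "__main__":
    for mode in FLOWS:
        print(f"{mode:11s}", simulate(mode))
```
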
 