
Desperate to connect to office using Nortel VPN & SMC Barricade Router

Status
Not open for further replies.

dmmoore3 (Technical User), Jan 17, 2003, US
Hi. I am hoping one of you people that are much smarter than me can help.
I work for a telecommunications company that has recently added broadband access, although it is not officially rolled out, so they are not supporting it. However, I know lots and lots of people who are using it successfully. The only difference is that they have different routers in their homes and perhaps different ISPs. Here is my configuration:

I have two PCs (my home desktop and my work laptop). Both my husband's company and my company have provided us with the Nortel VPN Client (Contivity). The laptop has V04_65.09 and the desktop has V04_15.06.

We use Earthlink DSL to connect.

We are both able to use our VPNs if we do not use a router.

I just purchased an SMC Barricade Turbo Wireless Router (SMC2404WBR) which I know is supposed to allow IPSec flow through. I have installed the most recent firmware (for this model it is v1.0).

We are able to successfully ping our respective VPN servers. However, when we try to gain access through the VPN client, we receive the following error message:

Login Failure due to: Remote host not responding.

I completely read through another thread on here that said to open port 500 and 1723 so I have done that according to the directions in the message from undotcom.

It still is not working and I am at a loss. I have messed with this for hours and hours. I have friends that bought NetGear, D-Link and Linksys routers and they just connected them (did nothing special) and were able to get right through to the VPN without even any special config.

What am I doing wrong?
Help me please!
Thanks! dmmoore3/Raleigh, NC

 
I am connecting to my VPN using the same Nortel software without a hitch. I am also going through a router (Linksys) with a wireless access point and using Earthlink DSL. You should only have to open the port you spoke of if you are allowing VPN traffic INTO your home network. The Nortel software "tunnels" across your internet connection to hook up with the VPN box at your office. Since you are able to ping your VPN server, you must be using the right IP address for the software; that tells me it is probably a configuration problem in the software. Here are a couple of things to check (from my past experience with this same software):

1. Check your authentication method. There are a couple of different ways the Nortel software handles this and you will need to find out how your VPN box is set to function. For example, we use a group password identification; this means users are a member of a group designated in the configuration and the group password is also entered in the configuration.

2. Make sure you are using the right version of the software for your OS. There are different versions for Win98, Win 2000 and Win XP. The versions ARE different and are not compatible with one another.

3. If running XP, make sure you have all Windows Updates installed BEFORE you install the client; it does make a difference!

Good luck -- post to this string again if you have more questions or you can email me direct at conceptumator@earthlink.net.
 
Well, this could be real easy or real difficult. We'll give it a try and see.

First, don't mess with your software configuration too much. The fact that you can connect without the router in the middle of things pretty much indicates the problem is in the router configuration, not your software configuration.

You mention a post from undotcom . . I can't find that one, which thread was it in? The thread number is directly below the title.

You do need to have port 500 open for UDP traffic with a UDP trigger . . not TCP, although having it set for both would not hurt anything. This would be the first place that I would look, it's a common mistake.

You can close port 1723 back up, Nortel doesn't use it. Not a big deal, minor security risk, but I would close it.

The Nortel client is a real bear. I did look through the manual for your router and didn't really see much else to change. The fact that others can connect through a router indicates that the servers are configured properly for NAT, so that is out of the picture.

If you were to connect, then get dropped, there are some things you might need to change in the windows registry and/or your client software, but cross that bridge later.

If you already have port 500 open for UDP, or if it doesn't work and you really want to put some effort to it, you could install monitoring software to watch the connection while you are connected without the router and figure out what's going on. Sounds complicated, but really not that bad. Post back if you want/need to try, or if you have additional questions.
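
The capture comparison suggested in the post above can be scripted. This is an added example, not part of the original thread: it labels raw IPv4 packets as IKE (UDP 500), ESP (IP protocol 50), or PPTP (TCP 1723 / GRE) and reports where the exchange stalls. It goes beyond the thread by also checking ESP and GRE, which the posters do not name; the packets, addresses, and direction labels are constructed samples.

```python
import struct
from collections import Counter

IP_PROTO = {50: "ESP", 51: "AH", 47: "GRE"}  # IANA protocol numbers

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet by the VPN protocol it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]
    if proto in IP_PROTO:
        return IP_PROTO[proto]
    if proto in (6, 17) and ihl >= 20 and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if proto == 17 and 500 in (sport, dport):
            return "IKE"               # IPsec key exchange
        if proto == 6 and 1723 in (sport, dport):
            return "PPTP"              # PPTP control channel, not IPsec
    return "other"

def diagnose(capture):
    """capture: list of (direction, packet); direction is 'out' or 'in'."""
    seen = Counter((d, classify(p)) for d, p in capture)
    if not seen[("out", "IKE")]:
        return "client sent no IKE"
    if not seen[("in", "IKE")]:
        return "IKE sent, no reply: check UDP 500 handling on the router"
    if seen[("out", "ESP")] and not seen[("in", "ESP")]:
        return "IKE ok, ESP not returning: check IPsec pass-through"
    return "IKE and ESP flowing both ways"

def ipv4(proto, payload=b""):
    """Constructed sample: minimal 20-byte IPv4 header, checksum left 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([192, 168, 2, 100]),
                       bytes([203, 0, 113, 10])) + payload

def udp(sport, dport):
    return ipv4(17, struct.pack("!HHHH", sport, dport, 8, 0))

# Constructed captures: direct DSL connection vs. behind the router.
DIRECT = [("out", udp(500, 500)), ("in", udp(500, 500)),
          ("out", ipv4(50, bytes(8))), ("in", ipv4(50, bytes(8)))]
WITH_ROUTER = [("out", udp(500, 500)), ("out", udp(500, 500))]

if __name__ == "__main__":
    print("direct:", diagnose(DIRECT))
    print("router:", diagnose(WITH_ROUTER))
```
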
 
Hey mhkwood,
Thanks for your message. As for which post I found my data in, it was thread 595-128103. It is a really long thread (and pretty old, now that I look at it again) and the specific response that I received my info from was dated Nov 20, 2001.

The interesting thing is that while I had the special applications screen set with those forwarding commands, I could not connect to the internet at all from my laptop through the wireless lan port. I went in and deactivated the settings and it is now working. I am now more frustrated than ever but since the settings did not seem to help, I guess there is no loss. I am still not confident that I was using the Special Applications screen correctly. I know that you mentioned that you checked the user manual for my router. If it would not be too much trouble, I would love your email address so I could send you a word doc with a screen dump of what I did. I snapped the screen before I changed it back. Perhaps, I am just not using the screen correctly. I tried calling SMC support and they are clearly just reading from an AI script and are not any more helpful than the manual in how to actually complete the Special Applications screen. I think I would rather double check that before I move to the monitoring software option you suggest. However, if I am still down, I will definitely do that next.
Thanks so much for your help... I can use it! [bigears]
 