
I am trying to connect to my company's Nortel VPN through my D-Link w 4

Status
Not open for further replies.

MADTESTER

Technical User
Nov 26, 2002
5
US
I am trying to connect to my company's Nortel VPN through my D-Link wireless card in my laptop with no success. I am using a D-Link 614+ wireless router and a D-Link 650+ wireless card. The modem is a D-Link DCM-200. I can connect if I merely use my USB connection from my laptop and go straight into the router, taking the wireless setup out of the picture (obviously having installed my modem drivers on my laptop as well). However, once I attempt to get in using the wireless connection, I get a message back stating the remote host is not responding. (I uninstalled my modem drivers since there would be no need to have them on the laptop if I am attempting to connect using a wireless connection.) It doesn't make sense to me given the fact that I thought if I have a connection to the internet, the VPN network shouldn't care what vehicle I am using to access the internet. The wireless setup works great, it is just frustrating not being able to hit the VPN. Also, I am using Comcast cable service. If someone has any advice, it would be greatly appreciated.
 
Please note that I misstated the fourth sentence. I meant that I can connect through my USB port going straight through my modem, NOT my router.
 

I'm having pretty much the same problem... would be really interested in a reply, folks. Thanks
 
I work for a major corporation as a support engineer, and my primary function is supporting VPN (using Nortel). The Nortel clients worked just fine with the 614+ (3.7, 4.15, 4.6). But as we were upgrading everyone to the 4.x client, we found that many users were complaining of constant drops (these users were using various routers). Our engineers contacted Nortel about this issue. Their statement was to run a check as a user logs in: if they are behind a NAT device (router), then make the connection using NAT and not IPSec. When we did this we had several routers that would not connect: Linksys 4-port cable/DSL (turn off IPSec passthrough and it will work), Netgear 614 (upgrade to the latest BIOS and it will work), and then the D-Link 614+ and 714+. Here are the instructions that I wrote for our folks, and it works for them. If your company is doing the same as ours, it will work for you as well.
Dlink 614+.............
1. Open Internet Explorer and type in 192.168.0.1
2. Enter admin as the username and leave the password field blank.
3. Click on the Advanced tab.
4. Under the Virtual Services List, go to IPSec. You will have to click the edit icon, which is located all the way to the right (directly under the help icon). There are two icons listed: the one on the left is the edit icon, the one on the right is the delete icon. Make sure that you hit the edit icon!
5. With IPSec highlighted, go to the Private IP field and type in the IP address of your computer. Then change the radio button above to enabled. How do I find the IP address of my computer?
6. Hit the Apply button located at mid page towards the right.
7. You should now be looking at the same page, but all the fields are blank again. We need to open up one more port but this time we need to create a new one.
8. In the Name field type in LexisNexis VPN.
9. For the Private IP field, type in the same IP address that you typed in for the IPSec port previously.
10. Protocol Type should be set to both.
11. In both the Private Port and Public Port fields, type in the number 9550.
12. Make sure Schedule is set to Always, it should be by default.
13. Hit the Apply button located at mid page towards the right.
14. Now click the Tools tab, once you are on the Tools home page, click the Misc. button on the left hand side.
15. Under VPN Pass-Through, set IPSec from enabled to disabled and hit the Apply button. This will also reboot your router; click on Continue when prompted.
 
I went back and attempted to set up everything exactly as you suggested (ucallwa's suggestion). It seems as though it is trying to connect to the VPN, and I now get the message, "checking for banner text from", (I never got that message before), and it lists the IP it is trying to hit, but then it returns a message "The secure Contivity VPN connection has been lost. Click connect to re-establish the connection". By clicking connect, I get the login failure to remote host not responding message.

Several of my co-workers can get in, however, they are using either a linksys wireless router system or a microsoft wireless router system. The only other thought I had is that I am using Windows 98 OS on the home PC and Windows 2000 OS on the laptop. I am convinced this is a D-link problem as one of the other people had reported on this forum. I too submitted my issue to D-link nearly a week ago and they have yet to respond. If I hear anything different from D-link, I will post their response.

Thanks ucallwa for the advice. Perhaps I will just go ahead and uninstall everything on both machines and attempt to start from scratch. This may end up being just an exercise in futility, but it is worth a shot.
 
Maybe a firmware upgrade on the AP will solve the problem? Just a thought. Also check with your sys admin and make sure NAT traversal is enabled on the Nortel Contivity switch.
 
sydlow, Thanks for the advice.

I suspect a firmware upgrade is in the works at d-link, so I suspect I will just have to wait. I will take your advice and check with our sys admin folks regarding the NAT traversal being enabled.
 
The post from ucallwa was a big help. I was finally able to get my D-Link connected to our Nortel Contivity.

The solution, however, has a big downside. I have to modify the D-Link Virtual Server configuration every time my laptop IP address changes because I get a new DHCP lease.

I tried fiddling around with the Application configuration some more in hopes that I could somehow create triggers that would open UDP ports 500 and 10001 (our Contivity uses 10001 instead of 9550 as indicated in the ucallwa post). Unfortunately, none of this worked.

Any thoughts?
 
If you are using ucallwa's suggestion you need to make sure that you are using the UDP port that your Contivity switch is using for NAT traversal. It is under /Services/IPSec on the Nortel Contivity switch. If you are the admin of the Contivity switch you can solve all your D-Link users' problems by disabling the NAT traversal feature on the switch. The problem with doing this is anyone using a NAT device that is not "IPsec aware" will probably not be able to connect. Older NAT devices will corrupt the IPsec packets and the connection will get hosed. The funny thing is enabling the NAT traversal feature on the Nortel switch is supposed to work out most issues with NAT users. For some reason a few of the D-Link routers/APs don't like it when this feature is enabled.

Also, when NAT traversal is disabled on the Nortel switch you can make simultaneous NAT connections from behind the DI-614+. Normally you would not be able to do this because the Nortel switch would see this as a security issue, as two IPsec tunnels are coming in from the same public IP address. It should be the other way around. You should more than likely only be allowed to make simultaneous connections from the same NAT'd LAN if the NAT traversal feature has been enabled on the Nortel switch. I guess the D-Link does a good job of NAPT with the respective clients. Not sure though.

I spoke with D-Link and Nortel and they are working on this issue. I am assuming the fix will be in a firmware upgrade on the D-Link products.
 
Sydlow is absolutely correct about the NAT traversal. It's not a good thing when us admins have to create a separate group for D-Link users with traversal disabled.

 
I can now access the corporate VPN (Nortel Contivity) from the D-Link DI-604 router!

I uninstalled the Nortel Extranet Access Client V04_15.03 and replaced it with Nortel Extranet Access Client V02_62.33! And it is plug-n-play!

Good luck!
 
It's working because the older client does not incorporate features for the NAT traversal feature. The reason the new client is not working with your D-Link is because of a problem with the NAT chip in the router. D-Link is working on this issue. Below is kernel reporting when initing the newer Nortel clients that support NAT traversal. Notice the UDP wrapper.


00000000 0.00000000 [1344] InitValuesForUDPWrapper: UDP Wrapper values in effect:
00000001 0.00152394 [1344] InitValuesForUDPWrapper: m_dwHardMinimumNATKeepaliveIntervalIns = 9
00000002 0.00176726 [1344] InitValuesForUDPWrapper: m_dwNATKeepaliveIntervalIns = 18
00000003 0.00194969 [1344] InitValuesForUDPWrapper: m_dwNumKeepaliveIntervalsToWaitForPortFloat = 3
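
Added example, not part of any post in this thread and not D-Link or Nortel code: a toy NAPT table showing the generic behaviour the posts above refer to. Raw ESP has no ports for the router to key on, so only one inside host per gateway can be tracked, while UDP-wrapped tunnels get their own public ports but need keepalives (18 s in the log above) to hold the mapping. Assumptions: the gateway address and LAN addresses are constructed, the 30 s idle timeout is a guess at a typical router value, and "port float" is taken here to mean the router assigning a new public port after a mapping expires.

```python
# Toy NAPT model (constructed for illustration; not D-Link or Nortel code).
ESP, UDP = 50, 17                  # IP protocol numbers
GATEWAY = ("203.0.113.10", 10001)  # constructed address; 10001 is the UDP port one poster's switch uses

class Napt:
    def __init__(self, idle_timeout=30.0):   # assumed UDP mapping lifetime, seconds
        self.idle_timeout = idle_timeout
        self.next_port = 40000
        self.udp = {}   # (inside_ip, inside_port, dst) -> [public_port, last_seen]
        self.esp = {}   # gateway_ip -> [inside_ip, last_seen]; ESP has no ports to key on

    def out_udp(self, now, inside_ip, inside_port, dst=GATEWAY):
        """Return (public_port, floated); floated is True when an expired mapping was replaced."""
        key = (inside_ip, inside_port, dst)
        entry = self.udp.get(key)
        floated = entry is not None and now - entry[1] > self.idle_timeout
        if entry is None or floated:
            entry = self.udp[key] = [self.next_port, now]
            self.next_port += 1
        entry[1] = now
        return entry[0], floated

    def out_esp(self, now, inside_ip, gateway_ip=GATEWAY[0]):
        """A NAT that is not IPsec aware binds one inside host per gateway; others are dropped."""
        entry = self.esp.get(gateway_ip)
        if entry is None or now - entry[1] > self.idle_timeout:
            entry = self.esp[gateway_ip] = [inside_ip, now]
        if entry[0] != inside_ip:
            return False
        entry[1] = now
        return True

def two_clients():
    """Two laptops behind one router open tunnels to the same gateway."""
    nat = Napt()
    esp = [nat.out_esp(0, "192.168.0.100"), nat.out_esp(1, "192.168.0.101")]
    udp = [nat.out_udp(0, "192.168.0.100", 10001)[0],
           nat.out_udp(1, "192.168.0.101", 10001)[0]]
    return esp, udp

def port_floats(keepalive_s, idle_for_s=180, timeout_s=30.0):
    """Count public-port changes on an otherwise idle tunnel that only sends keepalives."""
    nat, floats, t = Napt(timeout_s), 0, 0
    while t <= idle_for_s:
        floats += nat.out_udp(t, "192.168.0.100", 10001)[1]
        t += keepalive_s
    return floats
```

`two_clients()` shows the second raw-ESP client being dropped while both UDP-wrapped clients get distinct public ports; `port_floats(18)` versus `port_floats(45)` shows the mapping holding or being reassigned depending on the keepalive interval.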
 
I was not able to connect to my company's network via Nortel VPN Contivity Client 4.15 through my Netgear RP614 Router either.

I followed ucallwa's advice to update my 614 BIOS (why in the hell didn't I think of this before?!), and now all works fine.

My company must have switched Nortel VPN versions on me when they upgraded my laptop and OS/workstation because it used to work with my old issued laptop.

Anyway, Thanks ucallwa.
 
I followed the D-Link procedures listed in their FAQ section at this link
It all works. Not too thrilled about access only from one PC on my home network, but willing to accept it for the time being.

I've a Motorola 4200 cable modem with Comcast, D-Link DI-614+ router, DWL-650+ wireless card. All works fine.

On another matter: now I just wish I could get the same stuff to work with another VPN connection using the "standard" Microsoft VPN client with Windows 2000 Pro. Keep getting Error 619. However, when I connect an Ethernet cable directly between the Windows 2000 PC and the cable modem, that VPN connection works just fine. A real mystery!
 
ucallwa,
I have the same problem and am not able to connect to my company's network via Nortel VPN Contivity Client V04_65.09 through my Netgear RP614 Router either.

Could you please let me know about the steps that I need to follow in order to upgrade my router so I can connect to my network?
 
I too just resolved my Nortel Contivity 4.6 w/ D-Link 764 (802.11 a & b) issue. I used the resolution listed at D-Link specifically for the Contivity Client (and talked about before).

Two things I did differently:
1) Had to make sure the EACfilt driver was bound/checked to each NIC using the Contivity Client.
2) To avoid having to use only 1 client as a virtual server, I made firewall entries directly instead, as follows:

Read left to right as Source, then Destination:
Allow  VPN-9550  WAN,(IP range of Contivity switches)  LAN,*  UDP,9550
Allow  VPN-9550  WAN,(IP range of Contivity switches)  LAN,*  TCP,9550
Allow  VPN-1723  WAN,(IP range of Contivity switches)  LAN,*  TCP,1723
Allow  VPN-1723  LAN,*  WAN,(IP range of Contivity switches)  TCP,1723
Allow  VPN-500   LAN,*  WAN,(IP range of Contivity switches)  UDP,500
Allow  VPN-500   WAN,(IP range of Contivity switches)  LAN,*  UDP,500


I followed all other instructions on the D-Link document.
The Contivity Client did have 'disable keepalives' checked, with group authentication.

My VPN connection flies now (used to have an SMC Barricade 7004AWBR) and I have no issues with the configuration so far.

Hope this helps someone.
 
I am a bit puzzled about D-Link's scheme for connecting.
Where does it get port 9550 from?

If 9550 is the port that should be what the Contivity switch uses for NAT traversal, which it is not in our case, then how can the connection still work with NAT traversal on the Contivity switch disabled? From what I understand given our method of connection (we use only jack on the Contivity and real IPs behind it), NAT traversal is required to permit incoming connections.

Also, isn't disabling IPSec defeating the purpose and permitting an unencrypted link?
 
I am having the same problem with a Netgear DG824M ADSL Modem Gateway. I upgraded the firmware to the latest and still no luck. I am getting the same message "checking for banner text from", and it lists the IP it is trying to hit, but then it returns a message "The secure Contivity VPN connection has been lost. Click connect to re-establish the connection".
Has anyone resolved the problem for Netgear products?
Please advise. Your help is appreciated.
 
I am having the same problem with a D-Link DSL-500G Generation II ADSL Router. I am getting the same message "checking for banner text from", but then it returns a message "The secure Contivity VPN connection has been lost. Click connect to re-establish the connection".
Has anyone resolved the problem for this product?
Thanks.



 