NAT on Contivity VPN

[jdeisenm]

I have a Nortel/Contivity 1500 VPN box with a branch office connection.
This works. There is a server on the other end of the tunnel with an ip address 172.1.1.1 that is reachable. I want to NAT on the contivity and allow clients on this side to reach the server via ip address 10.10.1.1. a)Will the contivity box support this? b)If so, can both ip address be accessable at the same time? c)Does the box reboot or the tunnel drop when this feature is enabled? Note: There are no filters on the contivity restricting source or destination ip addresses.

 

[biv343]

1. Yes - the Contivity supports this. It's been a while since I've worked on a 1500, but I think as long as you have release 4 software it's doable. Not sure about previous releases. Maybe someone else can clarify.

2. No - once the NAT rule is applied to the tunnel, the traffic to/from that host/network is applied to the rule and all you'll see is the NATed address.

3. I believe the tunnel will need to be re-established after enabling NAT, but it won't need a reboot, as you apply the NAT to the branch tunnel connection, not the entire system.

 

[jdeisenm]

Nortel support says I can't do it because it's "tunnel nat". Does that ring any bells?

 

[biv343]

Depends on which version of code you're running. I haven't worked on a 1500 in at least three years. I have it working on an 1010 at our office running version 5 code and it works fine.

Could be a software limitation of your device.