Hi,
Coming to your wisdom with a very strange issue.
I have a BSR222 up and working behind a Cisco ADSL Router.
I want to terminate VPN for a PC Nortel VPN Client, and for a Contivity 221. Turns out, I couldn't do both branch and client termination on the BSR222, since branch VPN, if set up, will try to terminate all the tunnels (branch and client), so I decided to configure the BSR only for client termination and use the Contivity 221 VPN Client, so it would appear as 2 client VPN terminations on the BSR. Well, it worked well on a back-to-back basis (Contivity and BSR WAN ports connected via a network cable), but when I put the BSR behind the NAT, with NAT traversal enabled, the Nortel VPN Client works fine, but the Client Termination of the Contivity 221 doesn't work. I got this error:
3  04/16/2008 02:50:37  Configured Peer ID Content: [ xxx.xxx.xxx.101]  xxx.xxx.xxx.101  192.168.0.13  IKE
4  04/16/2008 02:50:37  Incoming ID Content: [ 10.0.0.2 ]  xxx.xxx.xxx.101  192.168.0.13  IKE
5  04/16/2008 02:50:37  Rule [PrietoHQ] ID content mismatch  xxx.xxx.xxx.101  192.168.0.13  IKE
6  04/16/2008 02:50:37  The cookie pair is : 0x9D4E7F65625344FD / 0x84B98AA1D51BFE18  xxx.xxx.xxx.101  192.168.0.13  IKE
7  04/16/2008 02:50:37  Rule [PrietoHQ] Phase 1 ID mismatch  xxx.xxx.xxx.101  192.168.0.13  IKE
Looks like while the Contivity 221 is asking to start the tunnel to a real IP address xxx.xxx.xxx.101, the BSR is answering with the IP it has on its WAN port: 10.0.0.2.
While this setup works on the Windows VPN client to perfection, I can't seem to find a workaround for this issue.
Any ideas?
Thanks!
Dan.-
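
A log triage sketch for the mismatch described in the post above, added here as an example and not part of the original post or of any Nortel tooling. It pairs the configured and incoming Phase 1 IDs per rule and flags the case where the incoming ID is an RFC 1918 address while the configured one is not, which is the pattern of a peer behind NAT identifying itself by its private WAN address. The function names are hypothetical, and the sample log is constructed, with 203.0.113.101 standing in for the masked public address.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# matches documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ID_LINE = re.compile(r"(Configured Peer|Incoming) ID Content:\s*\[\s*([^\]\s]+)\s*\]")
RULE_LINE = re.compile(r"Rule \[([^\]]+)\] Phase 1 ID mismatch")

# Constructed sample in the layout of the log quoted in the post.
SAMPLE_LOG = """\
04/16/2008 02:50:37 Configured Peer ID Content: [ 203.0.113.101] 203.0.113.101 192.168.0.13 IKE
04/16/2008 02:50:37 Incoming ID Content: [ 10.0.0.2 ] 203.0.113.101 192.168.0.13 IKE
04/16/2008 02:50:37 Rule [PrietoHQ] ID content mismatch 203.0.113.101 192.168.0.13 IKE
04/16/2008 02:50:37 Rule [PrietoHQ] Phase 1 ID mismatch 203.0.113.101 192.168.0.13 IKE
"""

def is_rfc1918(text):
    """True if text parses as an IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:          # FQDN or e-mail style IDs are not addresses
        return False
    return any(addr in net for net in RFC1918)

def find_id_mismatches(log_text):
    """Return one finding per 'Phase 1 ID mismatch' line with both IDs seen."""
    findings, ids = [], {}
    for line in log_text.splitlines():
        m = ID_LINE.search(line)
        if m:
            ids[m.group(1)] = m.group(2)
            continue
        m = RULE_LINE.search(line)
        if m and len(ids) == 2:
            configured, incoming = ids["Configured Peer"], ids["Incoming"]
            findings.append({
                "rule": m.group(1),
                "configured": configured,
                "incoming": incoming,
                # Private incoming ID against a public configured ID
                "nat_suspected": is_rfc1918(incoming) and not is_rfc1918(configured),
            })
            ids = {}
    return findings

if __name__ == "__main__":
    for finding in find_id_mismatches(SAMPLE_LOG):
        print(finding)
```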