Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

No connection: Nortel Contivity VPN - Checking for banner text

Status
Not open for further replies.
soonerman

soonerman

Programmer
May 7, 2003
7
US
All,

I have found a lot of good information out here for those having a problem getting a "checking for banner text" hang up followed by loss of VPN connectivity when using Nortel Contivity VPN Client.

However, it seems most of those having problems are running routers or firewalls in their systems. I am not and am consistantly having the same issue. I am running Contivity 04_15.06 and Windows ME. No router, no firewall. My connection was fine over dial-up, but I changed my connection over to Earthlink DSL and have not been able to connect since. "Checking for Banner text" for about 8 seconds, then a disconnect.

Just to make sure traffic was getting through, I downloaded a software firewall and allowed all traffic. I get the 500, 520, 17, 50, 51 and 3 ports going through just fine. I have reinstalled the VPN client, updated the driver for my NIC, changed configurations on my network settings and nothing seems to work. Both my Corporate help desk and Earthlink are stumped and have not been able to resolve the issue for me.

I would be very, very grateful to anyone who could give me some additional ideas or information on how to get this problem resolved.

Thanks!
soonerman
 
Sort by date Sort by votes
Soonerman. I feel your pain. Had the same message pop up awhile for some of my users.
Here's what the problem was for me.
I two groups setup, an admin group and remote users group. I added banner text to the admin group. I did not add any banner text to the remote users group and they all started getting the exact error message (even though I had Display Banner Disabled). I took out the banner text for the admin group and it worked like a champ. Don't know if this helps you or not, but it worked for me.
Good Luck
1911man
 
Upvote 0 Downvote
Thanks 1911, I'll talk to my corporate folks and see if this is something they might be able to look at.
 
Upvote 0 Downvote
It doesn't look like that's going to be the fix for me. Does anyone have any other ideas? I was sure shocked to see the volume and range of problems with Nortel's client, very dissapointing and their website offers very little in the way of assistance.

Thanks!
 
Upvote 0 Downvote
Just an update, I saw an article in the FAQs about MTU settings being too high on DSL. I went through the excersice and, using DrTCP, lowered my MTU setting by 10s all the way down to 1200 - this did not work, still getting the exact same behavior.

Thanks!
 
Upvote 0 Downvote
Still very stumped and looking for help on this one. I just upgraded my contivity client to version 4_65.18 and still get hung up at "Checking for Banner Text" followed by "Secure Connection Lost". The thing that might be helpful about this version however, is that I was able to log the session. Below is the output from one of the sessions (Ip addresses X'd out). Any help would be greatly appreciated!

Sun May 11 17:51:01 2003 | Isakmpd | I | Connection initiated to xxx.xx.xxx.xxx [xxx.xx.xxx.xxx] using Diffie-Hellman group 2.
Sun May 11 17:51:01 2003 | Isakmpd | E | Unable to complete encryption handshake with remote side. Encryption Mismatch.
Sun May 11 17:51:01 2003 | Isakmpd | I | Connection initiated to xxx.xx.xxx.xxx [xxx.xx.xxx.xxx] using Diffie-Hellman group 1.
Sun May 11 17:51:02 2003 | ConfMode | S | Authentication successful.
Sun May 11 17:51:02 2003 | ConfMode | I | IP Address xx.xxx.xxx.xxx.
Sun May 11 17:51:02 2003 | ConfMode | I | Disable Keepalives.
Sun May 11 17:51:02 2003 | ConfMode | I | Mandatory tunneling enforced.
Sun May 11 17:51:02 2003 | ConfMode | I | Primary Domain Name Server "xxx.xxx.xxx.xxx".
Sun May 11 17:51:02 2003 | ConfMode | I | Secondary Domain Name Server "xxx.xxx.xxx.xx".
Sun May 11 17:51:02 2003 | ConfMode | I | Primary WINS Server "xxx.xx.xx.xx".
Sun May 11 17:51:02 2003 | ConfMode | I | Secondary WINS Server "xxx.xxx.xxx.xx".
Sun May 11 17:51:02 2003 | ConfMode | I | Saving Password on client is turned Off.
Sun May 11 17:51:02 2003 | NameSrvr | W | Adding DNS Servers "ßqɐ߂B".
Sun May 11 17:51:02 2003 | NameSrvr | W | Adding WINS Servers "ÇXKâô2".
Sun May 11 17:51:03 2003 | Failover | W | Failover list set to none.
Sun May 11 17:51:26 2003 | Isakmpd | F | The secure Contivity VPN connection has been lost.
Click Connect to re-establish the connection.
 
Upvote 0 Downvote
Soonerman,
Sorry to hear you are still having issues. I noticed you are running ME. How many NOC's do you have in your network properties? I know in the past we've had issues with users that had more than 4.
 
Upvote 0 Downvote
Thanks 1911, I only have 2 NOCs. I've just finished setting my computer back to factory image, installing all Windows ME updates, reinstalling Contivity and...same error, ahhhhh (by the way, I had no other hardware hooked up, printer, scanner, etc.)! Anyway, I'm out $150 for the CD-RW I had to buy to backup my files. Anyone have any guesses on what I blow my money on next, new OS, router, firewall, NIC card, New ISP, New LEC or just get a new PC (which I would readily do if I had even a bit of confidence it would solve the problem)? I can't believe this many people have so many different problems with Contivity and Nortel doesn't have some tool to help isolate it.

I'm open to ideas
 
Upvote 0 Downvote
Last night, I started with reinstalling Windows ME, didn't work. The I got drastic and reinstalled the factory image from Dell, and that didn't work. At that point I thought I was doomed and just started reinstalling software. Earthlink offered a different firewall software than I had before, called zone alarm. I installed it and looked for a setting to allow protocol 50, 51 traffic - but it had no option to set rules for them. I tried connecting to VPN anyway and saw that the ESP traffic was being blocked by the firewall, no connection. Just for the heck of it, I set all of the firewall protections to off and much to my surprise - it worked!

I'm glad this problem is behind me, but I still don't understand it. Why was ESP being blocked when I had no firewall software at all? Anyway, thanks for everyone's input, just wanted to pass along that I have the problem fixed.

Thanks!!!
 
Upvote 0 Downvote
My group the Network Operations Center for SC Dept of Motor Vehicles have been managing a Contivity 2600 VPN box and remote clients for more than 2 years.The problems we usually encounter are non standard pc/laptop configurations;using AOL(they use a vpn;running multiple vpn
clients(Cisco does not play well with Nortel);and ISP's with
strange cable configurations.
Each time I have installed a Nortel VPN client(usually a DELL pc)works just fine.
I keep a list of the problems posted as a troubleshooting source .

Rick Harris
SC Dept of Public Safety-DMV
Network Operations
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
680
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
510
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
467
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
417
Joon Smith
Joon Smith
F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F

Part and Inventory Search

Sponsor

Back
Top