
Nortel Contivity 2600

Status
Not open for further replies.

Bastion1

IS-IT--Management
Nov 5, 2002
15
IN
Hi All,

I have Nortel Contivity 2600. It is working fine.

In the existing setup, a client which has a valid public IP address can connect to the Contivity. So, each client which needs to connect to the Nortel Contivity needs to have a valid public IP address.

At some of my branch offices I have more than one PC (5-10). In this case each PC has a unique public IP address assigned. In this case I would like to have one PC or router which will have a public IP address and will do NATing for the PCs behind it. I expect the Nortel Contivity to accept the client requests which come to it through NATing. But it is not accepting them currently.

Is there anything which we need to do in the Nortel Contivity so that it will accept requests from the public IP address which is used for NAT at the client end?

-------------

Note:

I know this works because at some offices in Singapore they have configured it and it is working fine. Also, I noted that when their Nortel VPN client is installed, the Eacfilt driver is installed in Network Properties.

P.Nagaraj
nagarajpandu@yahoo.com CCSA, CCSE
 
If you are using a router that is NATing the public IP, you will need to use NAT traversal on the Contivity in order for the IKE to successfully complete. IPSec does not allow changes in the packet once the exchange is started, and therefore NAT traversal allows you to encapsulate your TCP packet in a UDP packet; the UDP packet is then stripped and the TCP packet is used. If you have a firewall on the client side, make sure to allow protocol 17 source port 500 and destination port 500, as well as protocols 50 and 51 with no source or destination (if your FW requires it, select NULL). You will find the setting for NAT traversal on the Contivity switch under Services-->IPSec, towards the bottom. Check the box and specify the UDP port to use; you can use any port that is not a well-known port or being used by any apps that you may be using (you will also need to allow this port through your firewall). You then need to go into your group settings and specify the type of NAT detection that you are going to do. There are two types: Auto-Detect NAT and Auto-Detect IPSec NAT Capable. I have found that the Auto-Detect IPSec NAT Capable selection works best with Linksys routers. Good luck!!!
 
Just to add to the post made by thouseholder.
You will need to be running a fairly new version of the Contivity code. Also you will need to separate the users that use NAT from those who do not into different groups and only enable the NAT traversal on the group that contains the users that are being NATed.
 