Nortel Contivity "obtaining Banner Text" issue

Status
Not open for further replies.

kaoboda

Sep 10, 2002
I am trying to connect on the company VPN and keep getting an "obtaining Banner Text" error using Nortel Contivity VPN client.

Anyone have any insight?
 
Has this client ever worked? Do you have multiple VPN clients (Cisco, etc.)?
What OS are you using; are the patches up to date?

Rick Harris
SC Dept of Motor Vehicles
Network Operations
 

This error is caused because the VPN server is attempting to send ESP (Encapsulating Security Payload) packets to your machine to establish the encrypted tunnel and your router is not NATing them to your workstation. When you set up basic NAT on a router, by default, it will not translate ESP coming inbound because data being sent is mutually exclusive in either direction and maintains no state information or session like TCP does. Hence, the error you get on your screen.

If ESP maintained state like TCP and the session was initiated from the workstation it wouldn't be a problem because the router could just cache the NAT translation and it would automatically work in the inbound direction.

Since there is no state, you have to set up a static NAT translation for inbound ESP on your outside address and set the internal destination to the IP address of your workstation. ESP is IP protocol type 50. If your router is incapable of translating based on a protocol type, your only solution is to set a static NAT for anything coming inbound to the IP to your internal address of your workstation.

For example, on a Cisco router, this is how I set mine up at home when I used ISDN:

ip nat inside source static esp 192.168.1.10 interface Dialer0

Obviously, this means you can only set up one IPSEC VPN tunnel per public IP address that you control on your router.

Good luck...
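
Added example, not part of the original post: a toy Python model of the NAT behaviour the reply above describes, showing a port-based UDP reply being translated from cached state while inbound ESP (IP protocol 50) has no port to match on and is only forwarded once a static per-protocol entry exists. The `Nat` class, the 198.51.100.7 and 203.0.113.1 addresses, the UDP port 500 flow and the SPI value are constructed for illustration; only 192.168.1.10 comes from the post.

```python
import ipaddress
import struct

ESP, TCP, UDP = 50, 6, 17  # IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def ports(pkt):
    """Return (proto, sport, dport); ports are None when the protocol has none."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto in (TCP, UDP):
        return (proto, *struct.unpack("!HH", pkt[ihl:ihl + 4]))
    return proto, None, None  # ESP starts with SPI + sequence number, no ports

class Nat:
    """Toy model of the router in the post, not a real NAT implementation."""
    def __init__(self):
        self.dynamic = {}  # (proto, port) -> inside host, learned from outbound flows
        self.static = {}   # proto -> inside host, configured by hand

    def outbound(self, pkt, inside_host):
        proto, sport, _ = ports(pkt)
        if sport is not None:  # only port-based flows leave a cached translation
            self.dynamic[(proto, sport)] = inside_host

    def inbound(self, pkt):
        proto, _, dport = ports(pkt)
        if dport is not None:
            return self.dynamic.get((proto, dport))
        return self.static.get(proto)  # None: nowhere to forward, packet dropped

def demo():
    pc, vpn, public = "192.168.1.10", "198.51.100.7", "203.0.113.1"
    udp = struct.pack("!HHHH", 500, 500, 8, 0)       # constructed UDP header
    esp = struct.pack("!II", 0x1001, 1) + bytes(16)  # constructed SPI, seq, data
    nat = Nat()
    nat.outbound(ipv4(UDP, pc, vpn, udp), pc)
    nat.outbound(ipv4(ESP, pc, vpn, esp), pc)        # leaves no state behind
    udp_reply = nat.inbound(ipv4(UDP, vpn, public, udp))
    esp_before = nat.inbound(ipv4(ESP, vpn, public, esp))
    nat.static[ESP] = pc  # one entry per protocol, so one tunnel host per public IP
    esp_after = nat.inbound(ipv4(ESP, vpn, public, esp))
    return udp_reply, esp_before, esp_after

if __name__ == "__main__":
    print(demo())
```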
 