Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Nortel Extranet Access Client 5

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
I have Nortel Extranet Access Client (v03_70.18) installed on a Windows 98 machine. At home, I have DSL connected to a Linksys router with my home machine (Win XP Home Edition).

When I connect my laptop (win98) to the router and log in with the Nortel Client, I get logged on fine and can access all my Corporate resources. After about 5 minutes, I get an error stating "The Routing Table cannot be changed. Connection terminated.". I then have to restart my computer to connect again (and still only for 5 minutes).

I loaded a Nortel client on my home PC and was able to connect without any problem. The connection did not terminate after 5 minutes.

To test my work machine (laptop), I dialed into my ISP and then logged in with the Nortel client. Again, the routing table changed after 5 minutes and my connection was terminated so I know it's not the Linksys router.

The helpdesk at work is stumped. Any thoughts?

Thanks!
 
Mmogar and Ucallwa, thanks for your help.

1. Regedit32 allowed me to add the Registry keys.

2. Checking for Bannertext is solved on my machine, but I need a better explanation for my company's knowledge base.

Any other thoughts than previously posted about "check for banner text..." issue.
 
More info for correcting "check for banner text" issue:

As per post dated May 22,2002, regarding this issue - ports 50 and 51 are not ports, rather they are protocol identifiers.

{the following protocol details are from
50 ESP Encap Security Payload for IPv6 [RFC2406]
51 AH Authentication Header for IPv6 [RFC2402]

Allowing these 2 protocols along with port UDP-500 corrected my "check for banner text" issue. I am using a CISCO 1750 connected to a full T1.

I stumbled on this port vs. protocol fact in the following discussion thread:


Good luck to all with this problem and thanks to everyone for their various suggestions.

John
 
I currently use Nortel Extranet Access Client v2.62 on Windows 2000. I am now setting up EAC on a notebook running Windows XP. A newer version of EAC v4.60 is being used as v2.62 can't be installed on WinXP. Everything is going fine with EAC v4.60 including connection to the Nortel Switch at our Corporate Network. However, intranet and email services cannot be accessed because the established VPN connection does not have DNS and WINS settings. Could anyone help to provide some resolutions?
Thanks,
LK
 
I've been following this thread in attempts to resolve the same "Checking for banner text" error message, and I have something else to suggest that worked for me.

I am running the Nortel Contivity VPN Client (V04_15.08) on a Windows 2000 laptop behind two routers:

cable modem (Comcast, formerly AT&T Broadband)
<->
Linksys BEFSR41 (EtherFast® Cable/DSL Router with 4-Port Switch) Firmware v 1.38.5, Apr 12 2001
<->
D-Link DI-614+ (Enhanced 2.4GHz Wireless Router with 4-port Switch) Firmware v 2.18, Wed, 12 Mar 2003
<->
Win2K laptop

For a long time, I have been able to make a connection behind both routers until earlier this week when my VPN connection died. My tests directly to the cable modem and from behind the Linksys router were both successful, so my problem had something to do with the D-Link configuration, although I hadn't made any changes to the config in awhile.

I made every suggested configuration adjustment I could find in this thread and at D-Link's support site: I found that the key changes to be made to the D-Link router were found on the Tools->Misc screen and are:
Code:
  UPNP Settings  Disabled
  Gaming Mode    Disabled
  PPTP           Enabled
  IPSec          Enabled
The changes D-Link suggested to specifically route traffic to a specific IP didn't seem to make a difference, and their recommendation that PPTP and IPSec be disabled actually prevented me from making a connection.

Just something else to try. I know how frustrating connectivity issues are.
 
I was having the &quot;Cannot modify routing table after VPN connection established&quot; error which disconnected me after about 10 minutes on VPN. I am running the Nortel Extranet Connectivity Client v4_15 on Windows 98 at home to connect to our corporate WAN. The ADSL internet connection is through an ADSL modem and a LinkSys BEFSR41 4-port router with switch with two PCs, one running Windows 98 and the other XP Home edition. The internet connection worked fine before and after I added the router. The EAC access to VPN worked fine with just the modem but disconnected every session after 5-20 minutes (mostly about 10). I checked that IpSec was enabled and UDP port 500 was enabled at the suggestion of the corporate PC support staff. I downloaded the latest router firmware. I walked through the set-up with the ISP staff at Magma.ca. All to no avail. Finally I searched Tek-Tips and tried the suggestions from this forum and
(a) I went into the router interface using Netscape and selected the DHCP tab and clicked the button to display the routing table which showed the address of the PC as 192.168.1.136 on my home LAN;
(b) I ran winipcfg on the PC and confirmed it had the same address;
(c) In the router interface I clicked the Advanced Settings tab, then the Port Forwarding tab.
(d) I forwarded UDP ports 500 and 1723 to the address of the PC using VPN as found above. I saved the changes.
(e) I checked to make sure I had a lease on the connection address of one day (default) so it would not expire during the session. It was OK.

I have run two sessions since then of 30-60 minutes without problems. Thanks to all the thread contributors.
 
I'm running EAC v4_15 on XP Pro at home through a router/firewall to connect to my office. It ran fine the first time - Just lucky I guess.

My problem is that EAC forces all traffic to go through the VPN, not just traffic destined for the office (Checkpoint just sends office traffic thru the VPN). This causes me to lose other connections I have to the internet. I have heard a rumor that I can set up a virtual NIC, and use one NIC for EAC and the other for the rest of my traffic. But I have searched and searched and I can't find any info online or on Nortel's site. Does anyone have any hints/pointers? Has anyone got FreeSwan to work with Nortel? How about a bootleg copy of EAC for linux? (just kidding ;-)
 
Question on Nortel VPN Client 4.65 installed on Windows 2000. Currently, my work is in the process of locking down our laptops with Power User rights. When trying to connect with power user rights, I get the following error: Login Failed: Due to Driver Failure. When I make the power user ID an admin, it connects fine. Any ideas?

Thank you for your help.
 
&quot;Checking for banner text&quot; issue.

This may work for some of you if you have a mulitfunction printer installed on your PC.

We were receiving this same message with some of our clients at work and noticed that they all had a Brother Multifunction printer BMF9700 installed on their PC. When we uninstalled the drivers for the printer and rebooted the EAC worked fine. When the drivers were reinstalled the problem came back. Don't ask me why a printer would interfer with an IPSEC tunnel, but it did.

The problem was only encountered during Dialup session not WLAN sessions.

Hope this helps or gives some insite to a solution.

Jeremiah
 
Login Failure due to : Driver Failure

We are having the same problem as KJHEELS70, driver failure with version 4.65.09. Its intermittent, only seems to happen for users who do not have administrative rights on their PC'c, mostly on Win XP but now some Win 2000 as well. It makes no sense and any help would be appreciated.
 
After several days of troubleshooting random disconnections from my corporate VPN - I finally am able to keep Nortel Extranet Access Client connected. I gleamed much of the info from this group, so thanks to the other posters.

Setup:
Speedstream 5260 ADSL modem (PPPoE)
Netgear RP614 Router
Win2000 PC with 10/100 NIC
Nortel EAC (v4.65) running as a service on WIN2000

1. Disable keepalives in EAC software
2. Downloaded latest router software from Netgear (4.11 RC24)
3. RP614: Setup static IP address for the MAC in my PC
4. RP614: Forwarded ports 500 and 1723 to that IP address
5. RP614: Disabled RIP (RIP direction = none)
6. RP614: Set MTU to 1492
7. PC: Used DrTCP tool (from DSLreports.com) to set MTU on NIC card to 1350.
8. RP614: changed idle timeout on basic settings page to 240 minutes

I had done steps 1-7, and could only keep the connection up for a few minutes. Then realized that my idle timeout was by default - set to 5 minutes. Increasing the timeout (step #3) fixed the problem, so perhaps not all of these steps are required

 
Login Failure due to: Driver Failure

To: kjheels70

Looks like a User has to have Admin rights, being a Power User is not enough as you discovered. We solved the problem on XP by going to Nortel Client 4.65.18. We have yet to try this on Win 2000 but I will advise if this fixes the problem.
 
You may want to try adding a protocol you may not use such as NetBEUI to your network card. Then, remove TCP/IP from your system and reboot. Go back and install TCP/IP and remove NetBEUI. Even you TCP/IP was working fine on my system, once I uninstalled and re-installed it, my Nortel client now works.
 
To: kjheels70

Installing Nortel Client 4.65.18 (as an application) on Windows 2000 also fixed the 'Driver Failure' problem. Tested with a user who does not have local admin rights. Dont know why this worked since there does not appear to be anything specific in the release notes. Maybe it was fixed in between 09 and 18.
 
All

Having a related problem. Trying to connect to corporate email from home PC. Using Nortel Extranet client. Home setup is a couple of PCs (1 Win2K, 3 WinXP), MS SmallBiz Server 2K & Linksys router.

Problem is that I can connect fine, I start Outlook fine and I can read and download emails no problem. I can send emails okay providing that they are no bigger than about 100K but I almost always cannot forward any emails, or send new emails that are bigger than 100K.

I lose the green lights in the Extranet client systray icon and it seems to be trying to poll the Exchange server endlessly without getting anywhere.

Have tried forwarding ports 500 & 1723 to the PC in use, have enabled IPSec on the Linksys and have tried every MTU size under the sun.

If anyone can solve this I may just want to have their babies!!
 
Hello,

1) From one PC W2000pro ( without any Msoft updates )I can connect to Contivity 10xx . Client soft version V04_65.09.

2) From another PC W2000Pro (with lastest Msoft updates ) I can connect to Contivity 10xx. But after some time ( ~1, 2 min) I reveice message &quot;The routing table cannot be altered after the Contivity VPN connection has been established. The Contivity VPN connection has been closed&quot;.

I read all forum messages. I trie port 500, 1723 forwarding on router, no RIP , static IP on PC. this didn't help. Can anybody prompt me there is problem ???

many thanks !

Darius

There is problem. Maybye problem is
 
Cont.
there is log end :
Thu May 01 19:45:04 2003 | Failover | W | Failover list set to none.
Thu May 01 19:45:05 2003 | Banner | I | Display Banner String
Thu May 01 19:49:00 2003 | Isakmpd | F | Routing tables changes violate security policy.
Thu May 01 19:49:07 2003 | Isakmpd | F | Connection Terminated.

Darius
 
I have found that i don't get the error &quot;the routing table cannot be altered&quot; by not getting my Hotmail thru outlook express. Solved my problem
 
Has anyone successfully done what NiNj (IS/IT--Manageme) in her/his posting with the date stap of Dec 2, 2002, of Nortel's suggested solution to the &quot;routing table can not be changes...&quot; problem? If so how did you do it?
Thank you in advance.
PS: if this has been answered in anothre forum, please direct me to there. I've read or folloewed dozens of threads & postings but they all get jumbled tgether with banner, socket or other problems.


 
I fixed it!!! Extranet Client error message: &quot;The routing table cannot be altered after the Extranet connection has been established&quot;.

I had 2 computers both setup the same using Windows 2000 SP3. Only one had the problem. I noticed when using the intranet to get my mail (hotmail) or sending mail from my local internet provider I would recieve the error message.

I added the following in my registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

I added the line: PerformRouterDiscovery DWORD value 0

Then reboot.

I also noticed that just setting the EnableICMPRedirect DWORD to 0 Also works but I think that is over kill. I would only do this if the first solution does not work.

Good luck
 
Just wanted to add a bit about the 10048 error. While using Watchguard's Mobile User VPN (this should apply to Sonicwall's client as well) with Contivity, you must stop the Safenet IKE service. You don't actually have to uninstall the other vpn client in this case.

I'm just adding a &quot;net start safenet ike service&quot; to my own startup menu only -- no conflict there, and it only runs if I'm logging in. I'm the watchguard user. Beats uninstalling my VPN every time someone wants to run contivity.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top