Nortel Extranet (VPN) over LAN to DSL router to Corp WAN

Blasikov

Technical User
Aug 29, 2001
10
US
Hi all, I'm new to the forums =)

I have researched this subject quite a bit, websites, fora (including this one) but have not found much about my problem. Any help is greatly appreciated.

My company provides two methods of remote access. RAS (MS) dial-up and VPN (Nortel Extranet). The RAS works fine, but of course it is dial-up and it's a bit slow. The VPN works OK if you are out of town and are using a generic dial-up ISP.

I periodically work from my home office and use either of the solutions above to access my company's LAN/WAN. I have recently acquired DSL (Qwest, Minnesota) and am trying to get the "Nortel Extranet Client" VPN to work.

My home setup is: 1 Desktop and 1 laptop (both Win98SE) connected to a Linksys 10/100 switch. The switch is connected to a Cisco 678 DSL modem / router. The router is configured with DHCP, NAT, and ppp for the local ISP (full time connection). Internet access has been great on both machines. File and printer sharing (and other LAN stuff) works fine as well.

I understand that DHCP allows the PCs to have dynamic IPs on the LAN and the NAT allows the PCs to share the ISP connection.

Starting the Nortel Extranet Client, it will connect to the corporate VPN server (the validation completes and the client seems to be satisfied a connection was established), but no corporate resources are accessible. I can ping the VPN server (I've specified either the name or the straight IP) but no other internal servers. External internet servers are still available.

I had suspected that the problem was with the domain/workgroup in my "Network Properties", "Identification" tab or the domain in the DNS portion of the TCP/IP properties of the NIC - changing either/both of these did not help.

If I use dial-up to my personal ISP (the same ISP my DSL connection is on) the VPN client connects fine and I have full access to the corporate LAN/WAN. For this reason I suspect something amiss in the DHCP or NAT setup of the router.

Again, any advice is appreciated. If you need any other setup info, please post.

Thanks,

Rob "Blasikov" Marshall
Andover, MN, USA

DSL telco: Qwest
DSL ISP: MinnNet (aka BossIG, AmeriOn)
O/S: Win98SE (IE5.5sp2)
 
All,

I too was getting the BannerSock error when trying to connect with the Nortel Extranet Client. I also have a Linksys Router running NAT. "Help_is_here" had the correct solution. I upgraded my firmware on my router and went to the "Filters" section. I enabled my IPsec option and my BannerSock error went away and I was able to browse the network and connect to resources.
 
What is the latest version of the Nortel client (Win2000 version) and where can it be obtained?
 
I am using a Netgear RT311 Internet Gateway/Router to share my AT&T cable modem connection with multiple computers. I had to reconfigure the router to forward Ports 500 and 1723 to the machine where I am using the VPN client. Otherwise I would get disconnected in 5 or so minutes. I found this suggestion elsewhere on the web.
 
Is there a Linux version of the Nortel Extranet Access Client? If so, where may I obtain it?

tks,

j
 
After reviewing the comments on this page I got mine to work.

My configuration
- Nortel VPN
- Linksys Wireless Router
- Westell Cable Modem

I pulled up the configuration page for the router (192.168.0.0). Select the ADVANCED tab on the configuration page and then ENABLE ipsec.
 
I had similar problems with the Nortel Contivity 2600 running 3.60.45. All users kept receiving a bannersock or timeout error. Finally, we found the public interface and the switch port it was connected to were both set to auto-negotiate and were dropping pings. We nailed both the interface and the switch port up and reloaded the Contivity. This last step was important even though it wasn't required or even suggested by the Contivity. We finally got our users on after the reboot.

Fred Fish
Fish's Market Fresh Fish

 
The problem I am having is (with XP) Nortel Extranet client 4.1 works, I see all the machines in my corporate work group, but when I go to 'join' the domain using a valid id and password it won't let me join the domain.
 
Going back to the first issue... You cannot have multiple systems using IPsec behind a NAT router unless the router supports multiple IPSec pass-thru. I think the new Linksys VPN Routers will handle this, but I don't know for sure. I have many co-workers set-up on cable or dsl with Linksys devices and they have no problem consistently using their Nortel clients.
 
I run Win XP behind a Linksys router running the latest firmware (1.42.3) and IPSec pass through is Enabled.

I am using the Nortel Contivity Client V.4_12.03.

My problem is identical to someone's above. I appear to authenticate properly, but the login hangs while showing the message "Checking for banner text". The login eventually times out.

When running Win2K and the Nortel client I DO NOT HAVE THIS PROBLEM!

Any ideas or suggestions would be much appreciated!
 
Has anyone attempted to use the Nortel EAC thru Win2k ICS (Internet Connection Sharing)? I have a Win2k Server with a "high-speed" Satellite Connection via USB, shared out to a 3com NIC, then out to a hub. All the machines can access the internet, and can ping the Extranet Server, but only the Server can actually connect to it. I have set up home networks using a Linksys Router, enabling IPsec passthru and setting up a port forward on 500 to broadcast to all the clients attached to the router (192.168.0.255)- that works perfectly. But now I need to share out a satellite connection (using a hub). Basically I'm pretty sure I need to do a similar setup as the linksys router, but on the Win2k ICS Server. Has anyone successfully done this on any type of connection using ICS, and if so how?
Thanks for any support you may be able to provide.
 
I have a 3rd party client on a LAN with a Kingston KNE5TP/H 4PORT router who is attempting to access an indirect IP for a Unix app through Nortel VPN Extranet Access Client. Ever since VPN install the client machine cannot even browse the net, meanwhile the other stations are fine. Win98/dsl and no router...dlr gets "create socket failed with 10047"...I've isolated it as a configuration on his end, but it may be some sort of conflict with the software. The other 3 machines are accessing the internet and the DSL provider is pingable from the said workstation.

Any specific or general input is appreciated. Thank you.
 
I have installed Nortel VPN extranet client with Windows 2k on a desktop. I connect to my server and then get a message that says, "loking for banner text." then the connection times out. I am using an SDSL connection 786/256K.

I can dial up on the same connection using another PC with Windows 2k and everything is OK.

I have no firewall installed.

Anybody seen this before?
 
My problem is very much related to CHATOYER2. I've installed Nortel VPN client on a Win98 PC. I've used PAT on my Cisco router to get a valid IP so that it can talk to the VPN server. When I'm using one-to-one NAT I'm able to connect successfully and I'm able to access my remote intranet. But while using PAT I'm getting the message "loking for banner text." then the connection times out.

If any one has got its solution plz let us know.
 
Having an issue with version 2.66
I "upgraded" a Windows 98 machine to Windows 2000, yes I know fatal error, but the machine is someone's personal machine.

Anyways I upgraded, installed the Extranet software, disabled IPSEC Policy, and now every time I run the executable I get the information window, Please reboot the system. I have uninstalled, reinstalled, but I can't dodge this error or push through the application launch.

Help...
 
I was hoping to find some solution to my problem (that I will not bore you with) but it seems the so-called experts do not really have a clue how IPSec works. So here it is.

Firstly, IPSec can use AH (Authentication Header); this is optional. If you or your company is using it then read on .... AH hashes the source and destination IP addresses as a means to make sure no one has fiddled with your packets on the Internet. If you are using NAT then the source IP address is changed but not in the AH header and authentication fails ... hence if you are using NAT and AH forget it.

If you are not using AH then you have a chance. This is dependent on the NAT device and how it handles IPSec; normally this is passed on UDP port 500 and can mostly run on static NAT but not so much on Port Address Translation (PAT), which is what most DSL routers would do.

Finally, there are now TCP/UDP wrappers that take the complete IPSec packet and wrap it in TCP/UDP port 10000, which overcomes all problems, but this is dependent on your version of client and concentrator and setup. I understand that this is supported in some release of the Nortel client!

My problem is why does the Client disable the bloody Ethernet port of my PC. If it didn't do this then I could use my static DSL home PC to connect the VPN (this works fine) then over the LAN use the home PC as the default gateway, but as the Ethernet port is disabled baaaaa
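
The AH-versus-NAT point in the post above, as an added example (not part of the original post or of any Nortel code): a simplified model of which bytes the AH and ESP integrity checks cover, showing that a source-address rewrite breaks the AH check but not the ESP one. The key, addresses, SPI and payload are constructed, and HMAC-SHA1-96 is assumed as the integrity transform.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for the SA's integrity key
BODY = struct.pack("!II", 0x1000, 1) + b"constructed payload"  # SPI, sequence, data


def ipv4_header(src, dst, proto, ttl=64):
    """20-byte IPv4 header without options; checksum left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(BODY), 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def icv(kind, header, body):
    """HMAC-SHA1-96 over the bytes each protocol authenticates (simplified)."""
    if kind == "ah":
        h = bytearray(header)
        h[1] = 0                 # TOS/DSCP: mutable in transit, zeroed before hashing
        h[6:8] = b"\x00\x00"     # flags and fragment offset
        h[8] = 0                 # TTL
        h[10:12] = b"\x00\x00"   # header checksum
        covered = bytes(h) + body    # addresses stay in: AH protects them
    else:
        covered = body               # ESP: the outer IP header is not covered
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]


def hop(header, nat_src=None):
    """One hop: TTL drops by one; a source NAT also rewrites the source address."""
    h = bytearray(header)
    h[8] -= 1
    if nat_src:
        h[12:16] = socket.inet_aton(nat_src)
    return bytes(h)


def verifies_after(kind, nat_src=None):
    """Sender computes the ICV; receiver recomputes it from the header that arrived."""
    proto = 51 if kind == "ah" else 50   # IP protocol numbers: AH=51, ESP=50
    sent = ipv4_header("192.168.0.10", "198.51.100.7", proto)
    return hmac.compare_digest(icv(kind, sent, BODY), icv(kind, hop(sent, nat_src), BODY))


if __name__ == "__main__":
    for kind in ("ah", "esp"):
        print(kind, "routed hop:", verifies_after(kind))
        print(kind, "NAT hop:   ", verifies_after(kind, "203.0.113.5"))
```

A plain routed hop leaves both checks intact because the TTL is excluded from the AH hash; only the address rewrite makes the AH check fail.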
 
Blasikov,

The reply from "VPN Support" hit the solution right on. I had the same exact problem. Some of these cheap & wimpy ISPs are prohibiting your VPN connection. You will need to inform your ISP that you want to do VPN with your Internet connection. Most of the time, they will provide you with a Static IP and it will work. I had the exact same problem. I could create the tunnel, but could not use it. Most of these replies are irrelevant to the problem you were having.

Let me know how you make out!!

Thanks,
Mark
 