Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Nortel VPN connection problem through Microsoft Windows 2000 Advance 1

Status
Not open for further replies.

gregb63

IS-IT--Management
Feb 16, 2003
1
US
Help...

My employer uses Nortel Contivity VPN server. We have been provided the VPN client V04_60.51 I am unable to connect. I receive a message "searching for text banner" then the message "secure contivity VPN connection has been lost"....

The network my client is loaded on is a Windows 2000 Advance server, connected through highspeed cable modem.



Greg B
 
Have you found a solution to this?

I have auser experiencing similar symptoms, only he is using XP
 
We are running MS Small Business Server 2000, and we are having the same "Banner Text" issue. I installed the latest version of the VPN client on the server computer. Protocol 50 and UDP 500 are open on the firewall. When I try to connect from the server I have no problems at all.
When I try to connect from the workstations I get the "Checking for Banner Text" message and then the "the secure Contivity VPN connection has been lost....."
Any suggestions would be helpful, I am still working on this, so anything I can come up with I will gladly share.

The latest version of the client is supposed to work with XP. V04_65.9
 
do you have a Linksys or any type of router in between your cable modem and PC, or does your VPN switch have UDP wrapping enable. I have this with UDP wrapping and a D-Link router that doesn't like UDP wrapping, once UDP wrapping is disable, I connect
 
I have a similiar problem and posted a question today under my name "Ssteph" and won't repeat it here. Everyone else around me can use their VPN client. I am the only one with this "connection lost" error and I didn't have it before I upgraded my VPN software. I get the same error after re-installing the previous version. There must be something local to the pc that is preventing the connection ?
 
Solution ID: NORT26199 Product Family: Enterprise Data

Title:
The client cannot connect to the Contivity.

Facts:
Enterprise Data

Contivity

Extranet Access Client

Bannersock

VPN

Extranet Access Client


Symptoms:
The client cannot connect to the Contivity.

Error: launching BannerSock: The attempt to connect timed out without establishing a connection.

When attempting to run the Nortel Extranet Access Client, the error message : 'launching BannerSock: The attempt to connect timed out without establishing a connection' appears.


Fix:
Perform two preliminary steps on all machines before further troubleshooting:
1) Make sure that the IPSec Policy Agent is disabled:
Start | Programs | Administrative Tools | Services IPSec Policy Agent |
Then check the status and set to disabled if it is enabled.

2) Disable Internet Connection Sharing:
Start | Settings | Control Panel | Dial Up and Network Connections |
Right click on the VPN connection that you set up | Properties | Sharing |
Then remove the check in the box for Internet Connection Sharing.

If these preliminary steps do not work, perform the following steps:

1) The user is logging on to the Extranet Switch as part of a group. Within that group, the WINS and DNS settings are configured. Go to Profiles/Groups/ and choose "edit the group". Under the IPsec parameters, make sure the WINS and DNS info is configured for the group the user is connecting to.

2) Make sure that there is Punch through the Firewall (both personal and at the ISP level) Protocol 17 (UDP) at source port 500, and destination port 500. Protocol 50 (ESP) must also be opened on inbound and outbound Ports are not necessary for Protocols 50, but if the firewall demands it then use zeros or NA for both the source and destination ports, depending on the requirements of the router or firewall. Remember that the ISP may also have a firewall.

3) There can be some issues related to NAT. 1 to 1 works - many to 1 does not. The CES server listens on port 500 for an IPsec tunnel to come in. It then must map this tunnel back to an IP address on that port. When a second tunnel request comes in with the same IP and port (many to 1), the CES server sees that as a security threat and drops the second connection. 1 to 1 can map the port 500 request back to a routable IP address and establish the connection.

4) The customer may be using a DSL, ISDN or cable connection which all use NAT. DSL typically uses several layers of NAT, and since IPsec is port 500 specific, if that port is blocked or in use at any level, the customer is not able to connect. Firmware upgrades from the vendors are often required.

5) Remove and reinstall the TCP/IP stack. Uninstall and reinstall the EAC.
Delete the connection from the Extranet Connection Manager, then re-create a connection and try re-connecting.

6) Remove unauthorized Third-Party Virtual Private Networking (VPN) Software by right clicking on Network Neighborhood, or My Network Places (Windows 2000 Professional) and choosing Properties. A number of Adaptors are listed, some of which are virtual ones that establish Virtual Private Networks. Look for names such as: NAP PGP (Pretty Good Protection), Cisco Secure VPN, Infra-RED VPN Adaptor, PPGNet VPN Adaptor, and AOL 5.0. This is a frequent cause of the error.

7) Too many adapters on PC can cause the problem as well. Nortel Networks' Client does not like more than four adapters. Do not remove the Dial Up Adaptor #2 (VPN Support), Extranet Access Client Adaptor (by Nortel Networks). The Microsoft Virtual Private Networking Adaptor for PPTP is supported, but may need to be removed if the number of adaptors listed is excessive.

8) Can you ping and/or tracert to the CES? Are filters installed? Are you using IP compression?

9) If the client is using Windows 95, update the Dial-up Networking (DUN) to at least version 1.3

10) If the client is using Windows NT 4.0 workstation, make sure that at least service pack 5 is installed. Service pack 6a is recommended.
 
I disabled banner text from all my Groups and that solved the problem for everyone.
Profiles>Groups>Edit>Ipsec
Display Banner >Disabled.
 
Is the option to turn the banner text off done on the server side or the client side? I ask this because the version of the VPN client that we were provided is preconfigured for us, so all we have to do is install and run. If this is the case, does anyone know of anything that we can do on the client side to make the connection work? I have tried the "Disable Keepalives" and that does not make a difference.
 
I had this problem and it was due to having a Brother Multi-function printer installed. They have a fix for it. It is a patch to the registry. Just uninstalling the printer does not fix the problem.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top