I am having some difficulties with multiple Nortel VPN clients behind a Gnatbox GB-1000 unit. I've scoured Gnatbox's knowledgebase and various other resources and have not found any solid information. Hopefully someone on the list has run into this problem or has some good suggestions.
Here is the situation. We have a client who allows a handful of our developers VPN access into their network. We have a GB-1000 and our users are connecting to a Nortel VPN server using the Nortel Contivity client version 4.65. When a single developer connects to the VPN, everything works fine. If a second VPN connection is established, both connections hang. The developers have resorted to a verbal, "who's using the VPN?" method to avoid compromising one another's VPN sessions. Needless to say, this is cutting into productivity. I have been able to rule out network issues, bandwidth issues and the like. My guess is that the problem is with the GB-1000 and Nortel's IPSec transmissions. All of our network traffic appears to originate from a single IP address, that's the point of NAT though. When a single VPN connection is active, the GB-1000 routes traffic properly, with a second VPN connection, the routing is not functioning properly. To take this a step further, when our VPN clients connect to two different external IP addresses on the clients VPN server, both sessions work fine. Unfortunately, we cannot configure the VPN client to specify which VPN server IP address to use, the second IP address is only assigned as a failover. Looking through Nortel's documentation yielded a known issue with NAT traversal connection failure which essentially explains that multiple VPN connections behind a NAT firewall will lead to unreliable connection with the Nortel Contivity client. Has anyone had problems like this? Has anyone come up with a solution or at least a workaround. I am open to suggestions. Matthew R. Repko Advanced Automation Associates, Inc. 640 Rice Boulevard Exton, PA 19341 (610) 458-8700 (610) 458-0606 F <mailto:[EMAIL PROTECTED]> www.aaainc.com The information contained in this communication may be confidential, is intended for the use of the recipient(s) named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communications, or any of its contents, is strictly prohibited. ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
