At 02:49 PM 11/3/2003 +0100, Maarten Vink / Interstroom wrote:
Matt Repko wrote:

I am having some difficulties with multiple Nortel VPN clients behind a
Gnatbox GB-1000 unit.  I've scoured Gnatbox's knowledgebase and various other
resources and have not found any solid information.  Hopefully someone on the
list has run into this problem or has some good suggestions.
Looking through Nortel's documentation yielded a known issue with NAT
traversal connection failure which essentially explains that multiple VPN
connections behind a NAT firewall will lead to unreliable connection with the
Nortel Contivity client.
Has anyone had problems like this?  Has anyone come up with a solution or at
least a workaround?  I am open to suggestions.

If using multiple IPs on the Nortel box is impossible, you could try doing the same thing on your end. Assign multiple IPs to your GB-1000 and use static address mappings to have each VPN session appear to originate from a different IP.


FYI, the GNAT Box VPN client has the same issue with NAT; I've heard rumours that Cisco has a client that will work around this problem but I haven't used it myself.

I guess I'm puzzled by this. We were using Checkpoint SecureRemote at my day job and switched to Nortel recently.
I've never noticed the described behavior because when I telecommute, I'm the only one doing so from my house. Anyway,
one of the things I liked about Nortel was that it could be set up to use UDP encapsulation, instead of ESP, which has the
standard problem of "where do return packets go, since there's no port number to go by?" The described problem sounds like
ESP is being used, not UDP. If not, I'm at a loss to understand how this would ever happen, since steering inbound packets
based on the port number is fundamental to allowing multiple clients using TCP or UDP behind a NAT gateway.
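
The port-steering argument above, and the earlier suggestion of static mappings to separate public IPs, can be seen in a simplified NAT table model. This is an added example, not part of the original messages and not GB-1000 or Contivity code; the class, function names, addresses and port numbers are all constructed for illustration.

```python
# Simplified model of a NAT gateway's translation table (illustration only).
# All addresses are constructed (RFC 1918 / RFC 5737 documentation ranges).
from itertools import count

class Nat:
    def __init__(self, public_ips, static_map=None):
        self.public_ips = public_ips        # addresses owned by the gateway
        self.static_map = static_map or {}  # inside IP -> dedicated public IP
        self.table = {}                     # inbound key -> inside endpoint
        self.ports = count(40000)           # next free external port

    def outbound(self, proto, src_ip, src_port, dst_ip):
        """Translate an outgoing packet; return the inbound key installed."""
        pub = self.static_map.get(src_ip, self.public_ips[0])
        if proto == "udp":
            # A port exists, so every inside flow gets its own external port.
            key = ("udp", pub, next(self.ports), dst_ip)
        else:
            # ESP (IP protocol 50) carries no port: only addresses are left.
            key = ("esp", pub, None, dst_ip)
        # A later flow that produces the same key silently replaces the entry.
        self.table[key] = (src_ip, src_port)
        return key

    def inbound(self, key):
        """Return the inside endpoint a reply matching `key` is steered to."""
        return self.table.get(key)

def run(proto, static_map=None):
    """Two inside clients reach one VPN server; return where each client's
    replies are delivered, in client order."""
    nat = Nat(["203.0.113.1", "203.0.113.2"], static_map)
    server = "198.51.100.10"
    clients = ["192.168.1.10", "192.168.1.11"]
    src_port = 5000 if proto == "udp" else None  # constructed source port
    keys = [nat.outbound(proto, c, src_port, server) for c in clients]
    return [nat.inbound(k)[0] for k in keys]

if __name__ == "__main__":
    print("UDP encapsulation:      ", run("udp"))
    print("Raw ESP, one public IP: ", run("esp"))
    print("Raw ESP, static mapping:", run("esp", {"192.168.1.11": "203.0.113.2"}))
```

With raw ESP and a single public address, both clients' replies land on the last client to connect; UDP encapsulation or a dedicated public IP per client keeps the table keys distinct.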

