Nortel VPN and XP Home

Discussion in 'Windows Desktop Systems' started by jedi-sal, May 13, 2002.

  1. jedi-sal

    Hey all,

    Trying to get Nortel's VPN software to work on my XP Home machine. I have the latest and greatest from Nortel and people at the office have gotten this to work... I am having issues though... I keep getting an error about public key mismatch.

    I'm running a NAT LAN between my cable modem and router. IP spoofing one IP in the DMZ. Some have told me that this may be my issue; however, to test this theory out I plugged the XP machine directly into the cable modem. I am still getting the same error.

    Any suggestions or ideas? What am I missing?


    Jedi Sal
  2. xsivforce

    Texas, USA
    Don't know if any of this helps. I do not use Nortel VPN. This is some info I have gathered:

    1) Your router/DSL/Cable modem...etc must support IPsec pass-through.
    Workaround: If you are using a Cable/DSL router (Linksys), remove the Linksys from the equation and connect directly to your DSL/cable modem. If you don't have a router and already connect straight to the DSL/Cable modem, then contact your ISP and make sure they support IPsec.

    2) Nortel clients communicate on UDP port 500 to send and receive 'hello' packets. So if you see users getting dropped after a few minutes, this is probably the issue.
    Workaround: open UDP port 500 and set TTL to 99.

    3) When you NAT a VPN session it changes the packet headers. Any decent company will have a network set up behind a firewall, and when that firewall receives these packets, it checks the headers. When it sees that it does not match what the address should be, it considers it a "spoofed" or bad packet and drops it.

    4) Also, beware the ISPs and DSL providers that block IPsec packets (why - so you are forced to buy the more expensive business package with static IPs, a router, etc.). Make sure your service provider does not do this. If they do, call and complain. Also tell them you will write to the FCC and your state attorney general.
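
An added illustration of point 3 in the reply above (not part of the original post and not Nortel's code): assuming the tunnel uses the IPsec Authentication Header (AH), whose integrity value covers the outer source address, a NAT rewrite makes the receiver's check fail while an ordinary TTL decrement does not. The key, addresses and payload are constructed, and the thread does not say which IPsec protocol the Nortel client uses.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed; a real key is negotiated by IKE

def finish(hdr: bytes) -> bytes:
    """Recompute the IPv4 header checksum (bytes 10-11)."""
    hdr = hdr[:10] + b"\0\0" + hdr[12:]
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def ipv4_header(src: str, dst: str, ttl: int, body_len: int) -> bytes:
    # Version/IHL 0x45, protocol 51 = AH
    return finish(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234,
                              0, ttl, 51, 0, socket.inet_aton(src),
                              socket.inet_aton(dst)))

def ah_icv(ip_hdr: bytes, ah_zeroed: bytes, data: bytes) -> bytes:
    """HMAC-SHA1-96 over the IP header with mutable fields zeroed, the AH
    header with a zeroed ICV, and the payload."""
    h = bytearray(ip_hdr)
    h[1] = 0              # TOS / DSCP
    h[6:8] = b"\0\0"      # flags + fragment offset
    h[8] = 0              # TTL
    h[10:12] = b"\0\0"    # header checksum
    return hmac.new(KEY, bytes(h) + ah_zeroed + data, hashlib.sha1).digest()[:12]

def receiver_accepts(ip_hdr, ah_zeroed, data, icv) -> bool:
    return hmac.compare_digest(ah_icv(ip_hdr, ah_zeroed, data), icv)

def router_hop(ip_hdr: bytes) -> bytes:
    """Plain routing: TTL decremented, checksum fixed."""
    return finish(ip_hdr[:8] + bytes([ip_hdr[8] - 1]) + ip_hdr[9:])

def nat_rewrite(ip_hdr: bytes, public_src: str) -> bytes:
    """Source NAT: private source address replaced, checksum fixed."""
    return finish(ip_hdr[:12] + socket.inet_aton(public_src) + ip_hdr[16:])

# Constructed packet: next header 6 (TCP), AH length 4, SPI 0x1000, sequence 1
DATA = b"constructed payload"
AH = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(12)
SENT = ipv4_header("192.168.1.100", "203.0.113.10", 64, len(AH) + len(DATA))
ICV = ah_icv(SENT, AH, DATA)

if __name__ == "__main__":
    print("routed:", receiver_accepts(router_hop(SENT), AH, DATA, ICV))
    print("NATed :", receiver_accepts(nat_rewrite(SENT, "198.51.100.7"), AH, DATA, ICV))
```

ESP's integrity check does not cover the outer IP header, so whether address translation breaks a given client depends on which IPsec protocol and mode it negotiates.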
  3. jedi-sal

    Nortel VPN and XP Home continued

    Thanks for your reply, xsivforce.
    To keep the craziness going....

    I do have IPSec Pass Through going on my Linksys router. The interesting part about this whole deal is that the Nortel Client works great on my Win NT machine (with NAT running and everything). It's only on the XP machine that I can't get the Nortel VPN client to work.

    I'm going to see if setting the specified port options helps out.

    I'm also sure that my ISP doesn't drop the IPSec packets since this works fine on my Win NT machine.

    Other Ideas?