I have this problem. I built out a LAN for a customer using private IP addressing. On the WAN side I'm using a pool of public IP addresses to provide NAT. The LAN works for most Internet applications including voice, but I have an issue with users who want to connect to VPNs. When the user launches their client, the VPN takes a very long time to connect and then no traffic passes in the tunnel, so the VPN is unusable at that point. If I set up a 1:1 static NAT for a user then they can successfully use their VPN.
Could it be because I'm using a pool of addresses for NAT the public address could be changing? Any way to get around this?
This happens whether they are using Cisco, Nortel or any other VPN.
Well the thing is, I am having the same problem when trying to connect to my VPN and I know for a fact that NAT Traversal is enabled on my VPN router.
If I use a 1:1 static NAT I can successfully connect. How about instead of using a pool of public addresses I use just one public address for NAT instead. The total number of users on the network will not cross 80-100 or so.
The VPN router is a Nortel VPN router. NAT traversal is enabled on it. But I discovered something today: I can use my Cisco VPN. The Cisco VPN router is actually a 7401 router with VPN IOS installed on it.
When the Nortel VPN client can't connect, are you using PAT? I have a 506e with 6.3(5) and was not able to connect to a Nortel Contivity 5000 with NAT-T set to always encap UDP 10001. After checking with a sniffer, I noticed that the source port of the PATed ISAKMP packets from the client was 0. The connection table showed a port translation of UDP 500 to UDP 500 on the PIX. Turns out, the sniffer was right. We were blocking the lower source ports to our VPN on our Internet router. With those lower ports open, the Nortel VPN client works perfectly.