Nortel VPN Client


Dumitru Ozunu

Hi guys,

I have a problem using a Nortel VPN Client. I'm using a W2K SP4 machine, the
VPN client v04_61.18 installs without problems, I'm using a softoken, but
the connection fails (the user group and password are correct, the UID and
generated softoken are also OK). I've been trying this for 1 week and it is
driving me nuts. The W2K machine on which the Nortel VPN Client runs is behind a
Firebox II thing. What should I do to have the client run? Here is the log
file from my VPN Client (I think there is a problem with the NAT, please
help...)

Wed Nov 26 09:59:52 2003 | Isakmp | I | Logging subsystem initialized.
Wed Nov 26 10:00:04 2003 | Isakmpd | I | Connection initiated to 194.x.x.x [194.x.x.x] using Diffie-Hellman group 2.
Wed Nov 26 10:00:09 2003 | Isakmpd | F | Login failed. Please consult the switch log for further information.
Wed Nov 26 10:00:24 2003 | Isakmpd | I | Connection initiated to 194.x.x.x[194.x.x.x] using Diffie-Hellman group 2.
Wed Nov 26 10:00:26 2003 | ConfMode | S | Authentication successful.
Wed Nov 26 10:00:26 2003 | ConfMode | I | IP Address 10.y.y.y.
Wed Nov 26 10:00:26 2003 | ConfMode | I | Keepalive interval set to 60 seconds.
Wed Nov 26 10:00:26 2003 | ConfMode | I | Maximum keepalive retransmissions set to 3 retries.
Wed Nov 26 10:00:26 2003 | ConfMode | I | Mandatory tunneling enforced.
Wed Nov 26 10:00:26 2003 | ConfMode | I | Domain name set to "a.b.com".
Wed Nov 26 10:00:26 2003 | ConfMode | I | Primary Domain Name Server "10.y.x.z".
Wed Nov 26 10:00:26 2003 | ConfMode | I | Secondary Domain Name Server "10.x.f.g".
Wed Nov 26 10:00:26 2003 | ConfMode | I | Primary WINS Server "10.f.g.h".
Wed Nov 26 10:00:26 2003 | ConfMode | I | Secondary WINS Server "10.d.e.g".
Wed Nov 26 10:00:26 2003 | ConfMode | I | Saving Password on client is turned Off.
Wed Nov 26 10:00:26 2003 | ConfMode | I | NAT Traversal invoked.
Wed Nov 26 10:00:26 2003 | ConfMode | I | Received NAT Keepalive value of 8 seconds from switch.
Wed Nov 26 10:00:26 2003 | ConfMode | I | Current time on switch is 11/26/03 10:00:25 GMT.
Wed Nov 26 10:00:29 2003 | NameSrvr | W | Adding DNS Servers "10.s.d.g.g.d".
Wed Nov 26 10:00:30 2003 | NameSrvr | W | Adding WINS Servers "10.a.f.f*10.a.f.r".
Wed Nov 26 10:00:31 2003 | Failover | W | Failover list set to none.
Wed Nov 26 10:15:48 2003 | Isakmpd | F | The secure Contivity VPN connection has been lost.
Click Connect to re-establish the connection.

Thanx,
mitru
 

David Robbins

it looks to me like it's making a connection ok, then after 15 minutes it
drops it. if this is what is happening, try turning off the keepalives....
i know, this doesn't make sense, but on our vpn we have found that some
users on fast dsl or isdn connections (maybe related to nat) randomly drop
the connection when keepalives are enabled.
 

Dumitru Ozunu

no, it is no timeout, the last timestamp was entered in the log only when I
pushed the OK button of the box saying connection lost, please reconnect...
the problem is by the FireBox that lies behind (NAT Traversal doesn't
function properly, i.e. the client finds the server but then the server can
not find back the calling client)
Does anybody have some experience with this problem, i.e. VPN and FireBox II
from WatchGuard?
thanx again,
mitru



rossi

Can you post the event log from the Contivity? This might give us more info...
 

Dumitru Ozunu

I have access only on the client, e.g.:

Wed Nov 26 10:45:41 2003 | Isakmp | I | Logging subsystem initialized.
Wed Nov 26 10:45:50 2003 | Isakmpd | I | Connection initiated to 194.x.x.x[x.x.x.x] using Diffie-Hellman group 2.
Wed Nov 26 10:45:52 2003 | ConfMode | S | Authentication successful.
Wed Nov 26 10:45:52 2003 | ConfMode | I | IP Address 10.x.x.x
Wed Nov 26 10:45:52 2003 | ConfMode | I | Keepalive interval set to 60 seconds.
Wed Nov 26 10:45:52 2003 | ConfMode | I | Maximum keepalive retransmissions set to 3 retries.
Wed Nov 26 10:45:52 2003 | ConfMode | I | Mandatory tunneling enforced.
Wed Nov 26 10:45:52 2003 | ConfMode | I | Domain name set to "a.b.c".
Wed Nov 26 10:45:52 2003 | ConfMode | I | Primary Domain Name Server "10.x.x.x".
Wed Nov 26 10:45:52 2003 | ConfMode | I | Secondary Domain Name Server "10.x.x.x".
Wed Nov 26 10:45:52 2003 | ConfMode | I | Primary WINS Server "10.x.x.x".
Wed Nov 26 10:45:52 2003 | ConfMode | I | Secondary WINS Server "x.x.x.x".
Wed Nov 26 10:45:52 2003 | ConfMode | I | Saving Password on client is turned Off.
Wed Nov 26 10:45:52 2003 | ConfMode | I | NAT Traversal invoked.
Wed Nov 26 10:45:52 2003 | ConfMode | I | Received NAT Keepalive value of 8 seconds from switch.
Wed Nov 26 10:45:52 2003 | ConfMode | I | Current time on switch is 11/26/03 10:45:51 GMT.
Wed Nov 26 10:45:55 2003 | NameSrvr | W | Adding DNS Servers "10.x.x.x".
Wed Nov 26 10:45:56 2003 | NameSrvr | W | Adding WINS Servers "10.x.x.x*10.x.x.x".
Wed Nov 26 10:45:57 2003 | Failover | W | Failover list set to none.
Wed Nov 26 10:46:49 2003 | Isakmpd | F | The secure Contivity VPN connection has been lost.
Click Connect to re-establish the connection.

As I've read in the help file, there is a problem with the NAT Traversal and
I have no idea how to configure the FireBox II stuff...

