Re: MN-700 and Nortel VPN

01-15-2004, 03:30 PM

OK. Maybe this will sound stupid, but I didn't understand this either.

Instructions for my VPN also said to open IP 50, as well as UDP 500, but the
MN-700 BUN doesn't provide an "IP" protocol setting, just UDP and TCP. Do
you set this up in port forwarding as a UDP port 50 or is there some other
hidden method that doesn't seem to be apparent? I had someone tell me to
update my BUN client, which I did, but that didn't change anything in the
port forwarding screen.

Thanks.

"(E-Mail Removed)" <(E-Mail Removed)> wrote in message
news:040601c3d854$fe9b29e0$(E-Mail Removed)...
> I ran into this about a year ago, and it's not Microsoft's
> fault; it's how Nortel does VPN. In addition to opening
> UDP 500, you'll also need to open the following ports:
>
> IP 50 (ESP)
> IP 51 (IPSEC Authentication Header)
>
> Depending on your version of the Nortel client, this
> should suffice.
>
> The DVAnt
> >-----Original Message-----
> >Hi-
> >
> >I can't get my computer to connect to my work VPN when
> it's behind the MN-
> >700 firewall. Two hours on the phone with MS tech
> support, and their
> >solution was to put the computer I'm using in the DMZ
> (not an acceptable
> >solution, in my view.)
> >
> >Anyway, I renamed the IP address of the router to
> 192.168.1.1 instead of
> >the default 192.168.2.1. No dice. I also set up port
> forwarding for UDP
> >500, and that didn't work, either. Is there any updated
> information out
> >there?
> >
> >My stats:
> >
> >Windows XP Pro, SP1
> >Nortel Contivity VPN client V4_65.09
> >MS mn-700 router, Firmware 2.0.7.331
> >
> >Barb, I will also forward this to (E-Mail Removed).
> >
> >Thanks in advance for any help.
> >
> >Joe
> >.
> >

01-15-2004, 04:26 PM

IP in this case = TCP/IP = TCP

Bob wrote:
> OK. Maybe this will sound stupid, but I didn't understand this
> either.
>
> Instructions for my VPN also said to open IP 50, as well as UDP 500,
> but the MN-700 BUN doesn't provide an "IP" protocol setting, just UDP
> and TCP. Do you set this up in port forwarding as a UDP port 50 or
> is there some other hidden method that doesn't seem to be apparent?
> I had someone tell me to update my BUN client, which I did, but that
> didn't change anything in the port forwarding screen.
>
> Thanks.
>
> "(E-Mail Removed)" <(E-Mail Removed)> wrote in
> message news:040601c3d854$fe9b29e0$(E-Mail Removed)...
>> I ran into this about a year ago, and it's not Microsoft's
>> fault; it's how Nortel does VPN. In addition to opening
>> UDP 500, you'll also need to open the following ports:
>>
>> IP 50 (ESP)
>> IP 51 (IPSEC Authentication Header)
>>
>> Depending on your version of the Nortel client, this
>> should suffice.
>>
>> The DVAnt
>>> -----Original Message-----
>>> Hi-
>>>
>>> I can't get my computer to connect to my work VPN when it's behind
>>> the MN- 700 firewall. Two hours on the phone with MS tech support,
>>> and their solution was to put the computer I'm using in the DMZ
>>> (not an acceptable solution, in my view.)
>>>
>>> Anyway, I renamed the IP address of the router to 192.168.1.1
>>> instead of the default 192.168.2.1. No dice. I also set up port
>>> forwarding for UDP 500, and that didn't work, either. Is there any
>>> updated information out there?
>>>
>>> My stats:
>>>
>>> Windows XP Pro, SP1
>>> Nortel Contivity VPN client V4_65.09
>>> MS mn-700 router, Firmware 2.0.7.331
>>>
>>> Barb, I will also forward this to (E-Mail Removed).
>>>
>>> Thanks in advance for any help.
>>>
>>> Joe
>>> .

--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)

02-04-2004, 07:22 AM

This is not really the right answer, is it? I tried it (I
use the Nortel Contivity Client as well) and it does not
work. My network people told me this was completely
wrong, as TCP Port 50/51 is completely and totally
different from IP Protocol 50/51. I haven't found any way
to specifically enable these ESP/IPSEC protocols; aren't
they supposed to work by default.

I hope someone can figre this out. I hate to have to go
into a virtual DMZ every time I want to connect to work.

>-----Original Message-----
>IP in this case = TCP/IP = TCP
>
>Bob wrote:
>> OK. Maybe this will sound stupid, but I didn't
understand this
>> either.
>>
>> Instructions for my VPN also said to open IP 50, as
well as UDP 500,
>> but the MN-700 BUN doesn't provide an "IP" protocol
setting, just UDP
>> and TCP. Do you set this up in port forwarding as a
UDP port 50 or
>> is there some other hidden method that doesn't seem to
be apparent?
>> I had someone tell me to update my BUN client, which I
did, but that
>> didn't change anything in the port forwarding screen.
>>
>> Thanks.
>>
>> "(E-Mail Removed)"
<(E-Mail Removed)> wrote in
>> message news:040601c3d854$fe9b29e0$(E-Mail Removed)...
>>> I ran into this about a year ago, and it's not
Microsoft's
>>> fault; it's how Nortel does VPN. In addition to
opening
>>> UDP 500, you'll also need to open the following ports:
>>>
>>> IP 50 (ESP)
>>> IP 51 (IPSEC Authentication Header)
>>>
>>> Depending on your version of the Nortel client, this
>>> should suffice.
>>>
>>> The DVAnt
>>>> -----Original Message-----
>>>> Hi-
>>>>
>>>> I can't get my computer to connect to my work VPN
when it's behind
>>>> the MN- 700 firewall. Two hours on the phone with
MS tech support,
>>>> and their solution was to put the computer I'm using
in the DMZ
>>>> (not an acceptable solution, in my view.)
>>>>
>>>> Anyway, I renamed the IP address of the router to
192.168.1.1
>>>> instead of the default 192.168.2.1. No dice. I also
set up port
>>>> forwarding for UDP 500, and that didn't work,
either. Is there any
>>>> updated information out there?
>>>>
>>>> My stats:
>>>>
>>>> Windows XP Pro, SP1
>>>> Nortel Contivity VPN client V4_65.09
>>>> MS mn-700 router, Firmware 2.0.7.331
>>>>
>>>> Barb, I will also forward this to
(E-Mail Removed).
>>>>
>>>> Thanks in advance for any help.
>>>>
>>>> Joe
>>>> .
>
>
>--
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
>
>
>.
>

02-11-2004, 01:55 PM

I believe the OP is referring to protocol 50 (ESP Protocol)
nothing to do with port 50 for TCP or UDP. I am sure the VPN
client will need the router to allow UDP 500, but more
importantly the router needs to understand there are other
protocols involved... I run my MN-700 in AP mode, so I haven't
had the opportunity to look at the firewall aspects of the
MN-700 [although I am getting the impression that they are poor]

HTH

"Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> IP in this case = TCP/IP = TCP
>
> Bob wrote:
> > OK. Maybe this will sound stupid, but I didn't understand
this
> > either.
> >
> > Instructions for my VPN also said to open IP 50, as well as
UDP 500,
> > but the MN-700 BUN doesn't provide an "IP" protocol setting,
just UDP
> > and TCP. Do you set this up in port forwarding as a UDP
port 50 or
> > is there some other hidden method that doesn't seem to be
apparent?
> > I had someone tell me to update my BUN client, which I did,
but that
> > didn't change anything in the port forwarding screen.
> >
> > Thanks.
> >
> > "(E-Mail Removed)" <(E-Mail Removed)>
wrote in
> > message news:040601c3d854$fe9b29e0$(E-Mail Removed)...
> >> I ran into this about a year ago, and it's not Microsoft's
> >> fault; it's how Nortel does VPN. In addition to opening
> >> UDP 500, you'll also need to open the following ports:
> >>
> >> IP 50 (ESP)
> >> IP 51 (IPSEC Authentication Header)
> >>
> >> Depending on your version of the Nortel client, this
> >> should suffice.
> >>
> >> The DVAnt
> >>> -----Original Message-----
> >>> Hi-
> >>>
> >>> I can't get my computer to connect to my work VPN when
it's behind
> >>> the MN- 700 firewall. Two hours on the phone with MS tech
support,
> >>> and their solution was to put the computer I'm using in
the DMZ
> >>> (not an acceptable solution, in my view.)
> >>>
> >>> Anyway, I renamed the IP address of the router to
192.168.1.1
> >>> instead of the default 192.168.2.1. No dice. I also set
up port
> >>> forwarding for UDP 500, and that didn't work, either. Is
there any
> >>> updated information out there?
> >>>
> >>> My stats:
> >>>
> >>> Windows XP Pro, SP1
> >>> Nortel Contivity VPN client V4_65.09
> >>> MS mn-700 router, Firmware 2.0.7.331
> >>>
> >>> Barb, I will also forward this to (E-Mail Removed).
> >>>
> >>> Thanks in advance for any help.
> >>>
> >>> Joe
> >>> .
>
>
> --
> Barb Bowman
> Expert Zone Columnist
> http://www.microsoft.com/windowsxp/expertzone
> MS-MVP (Windows)
>
>

02-11-2004, 03:20 PM

Protocol 50 = IPSec which should be passed transparently (as I understand
it)

Kerry Liles wrote:
> I believe the OP is referring to protocol 50 (ESP Protocol)
> nothing to do with port 50 for TCP or UDP. I am sure the VPN
> client will need the router to allow UDP 500, but more
> importantly the router needs to understand there are other
> protocols involved... I run my MN-700 in AP mode, so I haven't
> had the opportunity to look at the firewall aspects of the
> MN-700 [although I am getting the impression that they are poor]
>
> HTH
>
>
>
> "Barb Bowman (MVP-Windows)" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> IP in this case = TCP/IP = TCP
>>
>> Bob wrote:
>>> OK. Maybe this will sound stupid, but I didn't understand
> this
>>> either.
>>>
>>> Instructions for my VPN also said to open IP 50, as well as UDP 500,
>>> but the MN-700 BUN doesn't provide an "IP" protocol setting, just
>>> UDP and TCP. Do you set this up in port forwarding as a UDP
> port 50 or
>>> is there some other hidden method that doesn't seem to be
> apparent?
>>> I had someone tell me to update my BUN client, which I did, but that
>>> didn't change anything in the port forwarding screen.
>>>
>>> Thanks.
>>>
>>> "(E-Mail Removed)" <(E-Mail Removed)> wrote in
>>> message news:040601c3d854$fe9b29e0$(E-Mail Removed)...
>>>> I ran into this about a year ago, and it's not Microsoft's
>>>> fault; it's how Nortel does VPN. In addition to opening
>>>> UDP 500, you'll also need to open the following ports:
>>>>
>>>> IP 50 (ESP)
>>>> IP 51 (IPSEC Authentication Header)
>>>>
>>>> Depending on your version of the Nortel client, this
>>>> should suffice.
>>>>
>>>> The DVAnt
>>>>> -----Original Message-----
>>>>> Hi-
>>>>>
>>>>> I can't get my computer to connect to my work VPN when it's behind
>>>>> the MN- 700 firewall. Two hours on the phone with MS tech
>>>>> support, and their solution was to put the computer I'm using in
> the DMZ
>>>>> (not an acceptable solution, in my view.)
>>>>>
>>>>> Anyway, I renamed the IP address of the router to
> 192.168.1.1
>>>>> instead of the default 192.168.2.1. No dice. I also set
> up port
>>>>> forwarding for UDP 500, and that didn't work, either. Is there
>>>>> any updated information out there?
>>>>>
>>>>> My stats:
>>>>>
>>>>> Windows XP Pro, SP1
>>>>> Nortel Contivity VPN client V4_65.09
>>>>> MS mn-700 router, Firmware 2.0.7.331
>>>>>
>>>>> Barb, I will also forward this to (E-Mail Removed).
>>>>>
>>>>> Thanks in advance for any help.
>>>>>
>>>>> Joe
>>>>> .
>>
>>
>> --
>> Barb Bowman
>> Expert Zone Columnist
>> http://www.microsoft.com/windowsxp/expertzone
>> MS-MVP (Windows)

--
Barb Bowman
Expert Zone Columnist
http://www.microsoft.com/windowsxp/expertzone
MS-MVP (Windows)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Nortel VPN and MN-700 Issue	AtlantaX	Broadband Hardware	0	08-16-2006 02:44 AM
Can't remove Nortel VPN eacfilt.sys	Bruce P. Burrell	Windows Networking	0	01-23-2006 12:00 AM
Does IAS work with Nortel VPN?	Mike Busch	Windows Networking	0	04-16-2004 02:46 PM
NORTEL BAYSTACK 450 12T (RMAL2012E15)		Windows Networking	0	04-07-2004 12:02 PM
Nortel Client issues.	Falcon1	Windows Networking	4	12-23-2003 10:35 AM