VPN lost connection even after Persistent port forwarding win XP

I have a MN-700 router and DSL service from SBC Yahoo
with a Dynamic IP, I use win XP.

I have updated the latest FW and SW from the MS web site
posted in July 2003.

My problems persist before and after the updates:

I enabled persistent port forwarding in the router for
the ports (500 and 2200-2300 ) my Nortel VPN client needs
over UDP.

When I try to connect, the VPN client is able to
authenticate and connect but then immediately (in less
than 30 seconds) times out while trying to get Banner
text (the message is, "Getting Banner Text from server").

Any tips on what might be wrong here?

I am able to connect only when I enable DMZ over a
particular host, however I feel I am compromising
security by enabling DMZ, more over I often have to
connect multiple clients and DMZ allows only one client
at a time to be on DMZ.



UD

It appears like one of the ports needed is not open.

Enable the DMZ again, run netstat -ano before and while
running the VPN, and compare which ports are open.

>-----Original Message-----
>I have a MN-700 router and DSL service from SBC Yahoo
>with a Dynamic IP, I use win XP.
>
>I have updated the latest FW and SW from the MS web site
>posted in July 2003.
>
>My problems persist before and after the updates:
>
>I enabled persistent port forwarding in the router for
>the ports (500 and 2200-2300 ) my Nortel VPN client needs
>over UDP.
>
>When I try to connect, the VPN client is able to
>authenticate and connect but then immediately (in less
>than 30 seconds) times out while trying to get Banner
>text (the message is, "Getting Banner Text from server").
>
>Any tips on what might be wrong here?
>
>I am able to connect only when I enable DMZ over a
>particular host, however I feel I am compromising
>security by enabling DMZ, more over I often have to
>connect multiple clients and DMZ allows only one client
>at a time to be on DMZ.
>
>.
>

Is the computer on a wireless connection to the MN-700?

If so what kind of wireless security are you using?

UD wrote:
> I have a MN-700 router and DSL service from SBC Yahoo
> with a Dynamic IP, I use win XP.
>
> I have updated the latest FW and SW from the MS web site
> posted in July 2003.
>
> My problems persist before and after the updates:
>
> I enabled persistent port forwarding in the router for
> the ports (500 and 2200-2300 ) my Nortel VPN client needs
> over UDP.
>
> When I try to connect, the VPN client is able to
> authenticate and connect but then immediately (in less
> than 30 seconds) times out while trying to get Banner
> text (the message is, "Getting Banner Text from server").
>
> Any tips on what might be wrong here?
>
> I am able to connect only when I enable DMZ over a
> particular host, however I feel I am compromising
> security by enabling DMZ, more over I often have to
> connect multiple clients and DMZ allows only one client
> at a time to be on DMZ.
>

I also forgot you can't connect more then one client behind the MN-700
at the same time.

joker wrote:

> Is the computer on a wireless connection to the MN-700?
>
> If so what kind of wireless security are you using?
>
> UD wrote:
>
>> I have a MN-700 router and DSL service from SBC Yahoo with a Dynamic
>> IP, I use win XP.
>>
>> I have updated the latest FW and SW from the MS web site posted in
>> July 2003.
>>
>> My problems persist before and after the updates:
>>
>> I enabled persistent port forwarding in the router for the ports (500
>> and 2200-2300 ) my Nortel VPN client needs over UDP.
>> When I try to connect, the VPN client is able to authenticate and
>> connect but then immediately (in less than 30 seconds) times out while
>> trying to get Banner text (the message is, "Getting Banner Text from
>> server").
>> Any tips on what might be wrong here?
>> I am able to connect only when I enable DMZ over a particular host,
>> however I feel I am compromising security by enabling DMZ, more over I
>> often have to connect multiple clients and DMZ allows only one client
>> at a time to be on DMZ.
>>
>

Thanks Lilo, that worked!
Also with the help of "netstat -ano" I was able to change
from persistent to application triggered port forwarding.

Answer to the question from "Joker", I use both WEP and
MAC security on the wireless, however I am curious how
will that impact VPN connections?

UD
>-----Original Message-----
>It appears like one of the ports needed is not open.
>
>Enable the DMZ again, run netstat -ano before and while
>running the VPN, and compare which ports are open.
>
>>-----Original Message-----
>>I have a MN-700 router and DSL service from SBC Yahoo
>>with a Dynamic IP, I use win XP.
>>
>>I have updated the latest FW and SW from the MS web
site
>>posted in July 2003.
>>
>>My problems persist before and after the updates:
>>
>>I enabled persistent port forwarding in the router for
>>the ports (500 and 2200-2300 ) my Nortel VPN client
needs
>>over UDP.
>>
>>When I try to connect, the VPN client is able to
>>authenticate and connect but then immediately (in less
>>than 30 seconds) times out while trying to get Banner
>>text (the message is, "Getting Banner Text from
server").
>>
>>Any tips on what might be wrong here?
>>
>>I am able to connect only when I enable DMZ over a
>>particular host, however I feel I am compromising
>>security by enabling DMZ, more over I often have to
>>connect multiple clients and DMZ allows only one client
>>at a time to be on DMZ.
>>
>>.
>>
>.
>

Because of problems with 802.1x authentication (which is enabled by
default with SP1) and some VPN connections when using wireless. I take
it that you are using a wired connection then. Because when using WEP
the MN-700 is not a 802.1x authentication server & that causes problems
for wireless VPN computers. (That is at least my understanding of VPN's
& 802.1x authentication.) Thus if you were using WEP & wireless I'd
recommend using WPA & enabling 802.1x authentication on the wireless
computers. Since you are using WEP you will need to do the VPN on a
wired connection. (Once again this is according to my understanding of
the technologies involved.)

UD wrote:
> Thanks Lilo, that worked!
> Also with the help of "netstat -ano" I was able to change
> from persistent to application triggered port forwarding.
>
> Answer to the question from "Joker", I use both WEP and
> MAC security on the wireless, however I am curious how
> will that impact VPN connections?
>
> UD
>
>>-----Original Message-----
>>It appears like one of the ports needed is not open.
>>
>>Enable the DMZ again, run netstat -ano before and while
>>running the VPN, and compare which ports are open.
>>
>>
>>>-----Original Message-----
>>>I have a MN-700 router and DSL service from SBC Yahoo
>>>with a Dynamic IP, I use win XP.
>>>
>>>I have updated the latest FW and SW from the MS web
>
> site
>
>>>posted in July 2003.
>>>
>>>My problems persist before and after the updates:
>>>
>>>I enabled persistent port forwarding in the router for
>>>the ports (500 and 2200-2300 ) my Nortel VPN client
>
> needs
>
>>>over UDP.
>>>
>>>When I try to connect, the VPN client is able to
>>>authenticate and connect but then immediately (in less
>>>than 30 seconds) times out while trying to get Banner
>>>text (the message is, "Getting Banner Text from
>
> server").
>
>>>Any tips on what might be wrong here?
>>>
>>>I am able to connect only when I enable DMZ over a
>>>particular host, however I feel I am compromising
>>>security by enabling DMZ, more over I often have to
>>>connect multiple clients and DMZ allows only one client
>>>at a time to be on DMZ.
>>>
>>>.
>>>
>>
>>.
>>