I am using a D-Link DI-304 for my office network over the LAN with ISDN connection. Internet works fine. As my...
company uses a global mail system through the VPN, I am encountering problems connecting to the VPN. Could you help me out in setting the router for Contivity VPN? To use a Nortel Contivity Extranet Access Client through your DI-304, you need to enable NAT Traversal in your Contivity switch. (Some routers support another alternative, VPN Passthrough, but your DI-304 does not appear to support that option.)
To activate NAT Traversal, the Contivity switch must be configured to "auto detect IPsec Capable NAT" in the policy Group used to authenticate your VPN client. If this option is enabled, the switch and VPN client detect the presence of any device in the path between them which is applying NAT (i.e., your DI-304 router). They then negotiate NAT Traversal during tunnel establishment and choose a UDP port through which to exchange UDP-encapsulated IPsec ESP. By encapsulating IPsec ESP (protocol 50) inside UDP, traffic can flow safely through any intervening router or firewall without requiring that device to allow protocol 50 (IPsec ESP) or implement a VPN Passthrough. For more information about NAT Traversal, see these IETF documents: draft1, draft2
Dig Deeper on Network Access Control
Related Q&A from Lisa Phifer
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert Lisa A. Phifer explains why you shouldn't stop using 802.1X authentication methods for enterprise WLAN access control.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.