I am using a D-Link DI-304 for my office network over the LAN with ISDN connection. Internet works fine. As my...
company uses a global mail system through the VPN, I am encountering problems connecting to the VPN. Could you help me out in setting the router for Contivity VPN? To use a Nortel Contivity Extranet Access Client through your DI-304, you need to enable NAT Traversal in your Contivity switch. (Some routers support another alternative, VPN Passthrough, but your DI-304 does not appear to support that option.)
To activate NAT Traversal, the Contivity switch must be configured to "auto detect IPsec Capable NAT" in the policy Group used to authenticate your VPN client. If this option is enabled, the switch and VPN client detect the presence of any device in the path between them which is applying NAT (i.e., your DI-304 router). They then negotiate NAT Traversal during tunnel establishment and choose a UDP port through which to exchange UDP-encapsulated IPsec ESP. By encapsulating IPsec ESP (protocol 50) inside UDP, traffic can flow safely through any intervening router or firewall without requiring that device to allow protocol 50 (IPsec ESP) or implement a VPN Passthrough. For more information about NAT Traversal, see these IETF documents: draft1, draft2
Dig Deeper on Network Access Control
Related Q&A from Lisa Phifer
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Whether you need a basic open source mobile device management tool for your company's Apple or Android devices, or something more customized, you ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.