I am using a D-Link DI-304 for my office network over the LAN with ISDN connection. Internet works fine. As my...
company uses a global mail system through the VPN, I am encountering problems connecting to the VPN. Could you help me out in setting the router for Contivity VPN? To use a Nortel Contivity Extranet Access Client through your DI-304, you need to enable NAT Traversal in your Contivity switch. (Some routers support another alternative, VPN Passthrough, but your DI-304 does not appear to support that option.)
To activate NAT Traversal, the Contivity switch must be configured to "auto detect IPsec Capable NAT" in the policy Group used to authenticate your VPN client. If this option is enabled, the switch and VPN client detect the presence of any device in the path between them which is applying NAT (i.e., your DI-304 router). They then negotiate NAT Traversal during tunnel establishment and choose a UDP port through which to exchange UDP-encapsulated IPsec ESP. By encapsulating IPsec ESP (protocol 50) inside UDP, traffic can flow safely through any intervening router or firewall without requiring that device to allow protocol 50 (IPsec ESP) or implement a VPN Passthrough. For more information about NAT Traversal, see these IETF documents: draft1, draft2
Dig Deeper on Network Access Control
Related Q&A from Lisa Phifer
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance.continue reading
Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one.continue reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.