
After setting up wireless router, I can no longer get on the VPN

EXPERT RESPONSE FROM: Lisa Phifer

QUESTION POSED ON: 16 February 2005
After I connected my wireless router (Netgear MR814), I cannot connect to my Nortel Contivity VPN anymore. It disconnected right after displaying "Checking for banner text". Without the router, everything works fine. I even tried with another wireless router (US Robotics USR808054CAN). It has the same problem. If it is the wireless routers' problem, can you suggest one that will work?



The symptom you describe ("Checking for banner text" when using the Nortel Contivity VPN client) is a very common indicator of Network Address Translation (NAT) problems. In short, your VPN tunnel is being established (i.e., IKE gets through your router), but incoming VPN traffic is being blocked (i.e., IPsec ESP does not get through your router). Your VPN client is waiting to receive expected "banner text" that is being blocked, and eventually times out.

There are two ways for VPN clients to successfully make it through a NAT-ing device like a broadband/wireless router: VPN pass-through and NAT traversal.

  1. With VPN pass-through, the NAT-ing device observes VPN tunnel establishment and uses something to map arriving VPN data to the inside host that established the VPN tunnel. For example, when using IPsec VPNs, the NAT-ing device may forward inbound ESP (protocol 50) to the host that previously sent outbound IKE (UDP port 500) traffic. It is not unusual for this approach to work for one VPN tunnel at a time, or to work better with some VPN clients than others.

  2. With NAT traversal, the VPN client and gateway collaborate to avoid needing anything special from the NAT-ing device. They do this by detecting the presence of a NAT-ing device during tunnel establishment and agreeing to encapsulate VPN traffic inside a standard UDP envelope. The VPN client wraps outbound ESP inside a UDP header -- the NAT-ing device just sees a regular UDP packet and translates IP address and UDP port in the normal fashion. The VPN gateway sends ESP inside UDP as well, letting the NAT-ing device use the same IP address and UDP port number to map inbound packets back to the right VPN client.

The Netgear MR814 supports IPsec VPN pass-through, although I have seen some user posts suggesting that it only supports one tunnel at any given time. Your Nortel Contivity VPN client supports NAT traversal, although this option must be enabled on the VPN gateway to use it. I'm guessing that the MR814's VPN pass-through implementation isn't compatible with your version of the Contivity VPN client, but enabling NAT traversal would help.

Many users resolve this problem by contacting their VPN administrator to ask whether they need to use a newer version of their VPN client or connect to a different VPN gateway that has NAT traversal enabled. It is also possible that you need to reconfigure your wireless router to unblock the UDP port used by NAT traversal. Consult Nortel's website (PDF) for a good description of this problem and possible resolutions, including figures that illustrate Contivity NAT traversal configuration.
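The failure and the fix described in the answer above can be reproduced with a small model of a port-translating NAT. This is an added example, not part of the original answer or any vendor's code; the addresses are constructed, and the encapsulation port 4500 is an assumption taken from RFC 3948 (the answer does not name the port Contivity uses).

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport payload")

PUBLIC_IP = "203.0.113.10"   # constructed router WAN address
GATEWAY = "198.51.100.1"     # constructed VPN gateway address
CLIENT = "192.168.0.2"       # constructed inside host
ENCAP_PORT = 4500            # assumption: RFC 3948 port; the page names none


class Napt:
    """Router that translates only protocols with ports (no VPN pass-through)."""

    def __init__(self):
        self.table = {}      # (proto, public_port) -> (inside_ip, inside_port)
        self.next_port = 40000

    def outbound(self, p):
        if p.proto != "udp":  # ESP (IP protocol 50) has no ports to key on
            return p._replace(src=PUBLIC_IP)
        public_port = self.next_port
        self.next_port += 1
        self.table[("udp", public_port)] = (p.src, p.sport)
        return p._replace(src=PUBLIC_IP, sport=public_port)

    def inbound(self, p):
        inside = self.table.get((p.proto, p.dport))
        if inside is None:
            return None       # no mapping: the router drops the packet
        return p._replace(dst=inside[0], dport=inside[1])


def reply(p, payload):
    """Gateway's answer to a packet as it appeared on the public side."""
    return Packet(p.dst, p.src, p.proto, p.dport, p.sport, payload)


def session(nat_traversal):
    """Return (IKE reply reached client?, inbound data packet or None)."""
    nat = Napt()
    ike = nat.outbound(Packet(CLIENT, GATEWAY, "udp", 500, 500, "IKE"))
    ike_back = nat.inbound(reply(ike, "IKE"))
    if nat_traversal:         # ESP wrapped in a UDP header by the client
        data = Packet(CLIENT, GATEWAY, "udp", ENCAP_PORT, ENCAP_PORT, "ESP")
    else:                     # bare ESP, as sent without NAT traversal
        data = Packet(CLIENT, GATEWAY, "esp", None, None, "ESP")
    data_back = nat.inbound(reply(nat.outbound(data), "banner text"))
    return ike_back is not None, data_back
```

`session(False)` shows the reported symptom: IKE completes but the inbound ESP carrying the banner has no table entry and is dropped, while `session(True)` delivers it to the inside host.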



