Troubleshooting Nortel Contivity VPN over a wireless network

I am trying to connect to a Nortel Contivity VPN over a wireless network. It seems to be able to communicate with the VPN server, and gets as far as the "Getting Banner Text..." message.

However, it is never able to connect and login. If I watch the wireless monitor for my wireless adapter, it appears as though right when the VPN client is ready to take over the connection and route all traffic over the VPN, the wireless card loses contact with the base station, and is never able to reconnect.

I see the IP address for the wireless card go to in the instant that the VPN client finishes getting the configuration and begins to wait for the banner text.

I was wondering if you knew why this might be happening. I've searched endlessly on the Web for ideas on how to get this to work to no avail. Thanks for your help!
You can find a guide for troubleshooting Nortel Contivity problems .1059228407@@@@&BV_EngineID=cadchldmjlgebhkcginchgcgjg.0&level=6&category=8&subcategory=6&subtype=&DocumentOID=81398&RenditionID=REND37030>here (HTML) and release notes that describe known problems .1059229175@@@@&BV_EngineID=iadchledddmhbhkcginchgcgio.0&level=6&category=8&subcategory=7&subtype=&DocumentOID=86027&RenditionID=REND38728>here (PDF). I didn't spot your problem in either of these documents, but you may want to review them anyway. Off hand, I can think of two things that might be causing your problem:

  1. Usually, if you are able to get through IPsec (IKE) tunnel establishment, but then never get any traffic through after the tunnel is up, this indicates a NAT traversal problem. The Contivity does support NAT traversal, but this option must be enabled to use it, and you must be running compatible software versions. Your wireless router must also support IPsec NAT pass-thru. To learn more about Contivity NAT traversal problems and required settings, see this VPN mailing list post.
  2. Because you are seeing the wireless connection fail after the tunnel is established, you may be having a problem with the VPN tunnel being treated as a virtual adapter, and the OS noticing a change in link state that causes it to release/renew the adapter's DHCP address. You can quickly check to see if this is the problem by temporarily giving your WLAN adapter a static IP address in the same subnet that you normally get a dynamic IP address from. If the problem goes away, then suspect DHCP and Windows Media Sense as the culprits, and consult Microsoft's website for info about disabling Media Sense.

This was last published in March 2004

