icemanZ
just joined
Topic Author
Posts: 18
Joined: Thu Sep 14, 2006 2:29 am
Location: montreal, Canada

Nortel VPN using IPSec

Tue Jul 10, 2007 5:13 pm

Hi,

I have a user that needs to connect to a banking application via Nortel VPN, which uses IPsec. I configured RouterOS for VPN but that did not work. Basically, the client is on a wireless hotspot on the MT and has the Nortel VPN/IPsec client software to connect to the bank on the WAN side of the MT.

Can someone provide a detailed config on how to set up IPsec for this situation?

Regards,
Robert Macri
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Re: Nortel VPN using IPSec

Wed Jul 11, 2007 7:28 pm

No VPN setup is required on the router as the tunnel is between the client and the bank's VPN concentrator.

If your router is doing NAT then this can cause IPSEC to break. You'd need to turn on whatever NAT traversal options are available in the client software.

Regards

Andrew
 
icemanZ
just joined
Topic Author
Posts: 18
Joined: Thu Sep 14, 2006 2:29 am
Location: montreal, Canada

Re: Nortel VPN using IPSec

Wed Jul 11, 2007 11:04 pm

Hi,

We tried that and it did not work. I was thinking of doing a one-to-one NAT on a public IP. If I route all protocols for IPsec to a fixed IP that I will give the client on the LAN and a public IP on the WAN, any ideas if this will work?

Regards,
Robert Macri
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Re: Nortel VPN using IPSec

Thu Jul 12, 2007 6:46 pm

Robert

One-to-one NAT is still NAT. How far you get depends on which protocol they're using. AH is a definite no-go. I've seen ESP work through NAT but it's not recommended. If they're doing NAT-T then the whole IPSEC packet is wrapped in UDP or TCP, which stands a much better chance of working.

Generate some logs from the client app because otherwise we're just guessing as to what's happening.

Regards

Andrew
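
Added example (not part of the original posts): a Python sketch that classifies raw IPv4 packets, such as those from a capture on the client side of the router, as AH, ESP, IKE or standard UDP NAT-T, to answer the "which protocol are they using" question raised in the thread. The sample packets are constructed, the function names and verdict strings are this example's own, and only the standard UDP 500/4500 ports are recognised, not any vendor-specific encapsulation.

```python
import struct

# IANA protocol numbers and the standard IKE / NAT-T UDP ports (RFC 3947/3948).
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
IKE_PORT, NATT_PORT = 500, 4500

def classify_ipsec(packet: bytes) -> str:
    """Return a NAT-compatibility verdict for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]
    if proto == PROTO_AH:
        return "ah: breaks under NAT (ICV covers the IP addresses)"
    if proto == PROTO_ESP:
        return "esp: no port numbers for NAT to track"
    if proto != PROTO_UDP or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    body = packet[ihl + 8:]
    if NATT_PORT in (sport, dport):
        if body == b"\xff":
            return "nat-t: keepalive"
        if body[:4] == b"\x00\x00\x00\x00":
            return "nat-t: ike (non-ESP marker)"
        return "nat-t: esp-in-udp, NAT friendly"
    if IKE_PORT in (sport, dport):
        return "ike: negotiation on udp/500"
    return "other"

# Constructed sample packets (checksums zero, SPI/sequence bytes arbitrary).
def _ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 168, 88, 10]), bytes([203, 0, 113, 5]))
    return hdr + payload

def _udp(sport: int, dport: int, body: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body

SAMPLES = {
    "ah": _ipv4(PROTO_AH, bytes(24)),
    "esp": _ipv4(PROTO_ESP, b"\x12\x34\x56\x78" + bytes(20)),
    "ike": _ipv4(PROTO_UDP, _udp(500, 500, bytes(28))),
    "natt_esp": _ipv4(PROTO_UDP, _udp(4500, 4500, b"\x12\x34\x56\x78" + bytes(20))),
    "natt_ike": _ipv4(PROTO_UDP, _udp(4500, 4500, bytes(4) + bytes(28))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9s} {classify_ipsec(pkt)}")
```

If a capture shows only protocol 50 or 51 and never UDP 4500, the client is not using standard NAT-T and the NAT on the router is the likely point of failure.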