IPSec/TCP 500 VPN Passthrough?

I recently switched from a Linksys router/WAP to the most recent Time Capsule 1TB...
I am up and running with a fast internal LAN and a great connection to the internet, I even got my Wife's VPN (Cisco IPSec/UDP 500) to work...
But my problem now is I cannot get my work VPN to work, and this is what I found out:
It is Contivity using IPSec/TCP port 500.
I tried connecting using a normal connection and the optional NAT connection, but both fail saying the host is not responding...
I would imagine this is because the Time Capsule (AEBS) is blocking the TCP 500 port.

Does anyone know how I can open this port? and/or a workaround?

I figured I could set up a port mapping in AirPort Utility, but that would require a static IP on my work laptop, which would be a PITA when I travel...
I have not tried the port mapping, because I figured I would see if anyone has other suggestions first.
Please help!
Thanks!
Chris

iMac 20", Mac OS X (10.5.2), 2.4GHz Intel Core 2 Duo - 2GB Mem

Posted on Mar 5, 2008 1:30 PM

19 replies

Mar 8, 2008 7:04 AM in response to cellis

Never mind, obviously no one can answer my question on this forum. I guess it is too advanced, and the Apple TC is not advanced enough to configure details.
I am very happy with my new iMac, but I am NOT happy at all with my new TC.
It seems to take longer for wireless connections to happen than my old Linksys router, and it goes up and down all the time.
I am actually thinking of returning it, or at least I might have to put my Linksys back in as the main router and just use the TC as a very expensive HDD.

Mar 11, 2008 1:30 PM in response to cellis

You can reserve DHCP IP addresses based on the MAC address of the computer. So you run ipconfig /all on Windows or Network preferences on OS X, find out the MAC address, set that to a specific IP address, say 192.168.1.10, then port forward to that address for port 500. Then you don't have to mess with static IPs on the actual computer; it still uses DHCP like normal.

Mar 28, 2008 3:19 AM in response to cellis

Hello,

I had the same problems with my Nortel Contivity VPN client V06.01_109. Always server timeouts. The following solution solved my problem:

1.) Update your AirPort Utility to 7.3.1
2.) Reserve an IP address based on your computer's MAC address so that your TC DHCP always gives you the same IP address. You can do that with [airport utility]/[Internet]/[DHCP]/[DHCP-Reservations]
3.) Create a port forwarding under [airport utility]/[advanced]/[port forwarding].
   a.) Create a customized port forwarding for public UDP port 500 to private UDP port 500 for the private IP address you assigned in step 2.) to your computer
   b.) Create a customized port forwarding for public UDP port 10001 to private UDP port 10001 for the private IP address you assigned in step 2.) to your computer
   c.) Create a customized port forwarding for public TCP port 50 to private TCP port 50 for the private IP address you assigned in step 2.) to your computer
   d.) Create a customized port forwarding for public TCP port 51 to private TCP port 51 for the private IP address you assigned in step 2.) to your computer
4.) Update your TC
5.) Disable "Keepalives" in your Nortel Contivity tool under "options"
6.) Do not check "silent keepalives" in your Contivity client under "options"
7.) Try to establish a connection and wait until Contivity has tried all available connections.

I hope this will work.

Mar 30, 2008 8:16 AM in response to kjotis

Found the log file... nothing with sufficient detail to help is logged.

I am at a loss, can someone give me a suggestion.

I am thinking that the port forwarding I set up is not correct. I believe I followed the suggestions, but as I have never used port forwarding it is the area that I am not at all confident about.

Mar 31, 2008 1:35 PM in response to kjotis

Maybe you can try to connect directly through your cable modem and check out the Contivity connection details. After you've established the connection you can click on the Contivity icon on the bottom... this will open the Nortel Contivity status window. Check out the port given under "IPSec NAT traversal". In my case it says "active on port 10001". If it's different for your connection, then you have to create a port forwarding for the given UDP port.

Apr 24, 2008 5:11 PM in response to Sizemore

While my VPN setup is different to yours, I had similar issues, but then rang Apple Support and they got me to change the setting on the Time Capsule to Bridge Mode and everything works fine. I had used my previous AirPort Extreme as the DHCP server, but with the Time Capsule in Bridge Mode and changing the ADSL modem to the DHCP server, everything in the network connects and my VPN works as well.

May 16, 2008 9:25 PM in response to cellis

OK, I don't know how I did it, but it finally worked. I am using Nortel Contivity Client V04_86.100 and AEBS 7.3.1. I tried all the port mappings, booting the modem and router up in a certain sequence and played with router settings over and over and over again with no luck. And all of a sudden it connected. I was in such shock I disconnected and tried to connect again and it worked again. I started network apps and they are working. Here is what I have set up on my AEBS router.

I have my work laptop's MAC address set with a specific IP address (Under Internet/DHCP/DHCP Reservations). Port Mappings to UDP 500 & 24063 pointed to that specific IP address (Under Advanced/Port Mapping). I have seen others on this forum using ports 500 & 10001. You do need to find out what port mappings your software is using as they can be different. I believe 500 is used by default but the other one is important as it is listed as your IPSec NAT Traversal port when Nortel connects. Make sure under Advanced/IPv6 that 'block incoming IPv6 connections' is set and that the resulting IPv6 Firewall tab has 'Allow incoming IPSec Authentication' checked.

I did turn off Allow SNMP under Advanced/Logging & SNMP, although this shouldn't have any effect on it. It's just more secure.

Now realize that I had all of these set and it wouldn't work, and I was about to give up like most others and revert to 7.2.1, but I tried connecting once more and it worked. I was playing with Nortel settings for Disable Keepalives (set to On) and the Silent Keepalives (set to Off) at the time but thought I had these set as well. We use a product called Fiberlink as a front-end interface for Nortel Contivity and I was trying to make sure those settings were correct, but was having trouble determining if I was getting it set where it was using those settings. Then I tried it and it let me in. Now it's just a matter of testing it out further, especially if it will connect again after the laptop is rebooted.

Unfortunately I am going to be gone for a week, but you bet I will try it out further and give it a good test my first day back to work.

May 19, 2008 11:57 AM in response to Britonius

I still can't connect using my Contivity VPN software via my TC. Nor can my wife on her XP notebook.

I am not sure I have the port forwarding set up properly. Not even sure which ports to forward. I assume my wife's and mine may use different ports as we work for two different companies and they may be configured differently. How do I determine what ports Contivity uses to connect to the server?

Currently I have UDP 500 and 10001, and TCP 50 and 51 forwarded to Private IP Address 10.0.1.2 which is associated with the wireless MAC on my Dell Notebook.

To implement the Port Mapping I have 3 entries in each of the 4 entries... the port number in the Public box, the same number in the Private box, and the Private IP Address of 10.0.1.2 entered. I did not enter a service.

I have seen comments that the AEBS 7.3.1 is the problem and that I should install 7.2 but have not been able to confirm that I can even use 7.2 with a TC. Apple update says the update is for bug and security updates.

May 20, 2008 5:15 AM in response to kjotis

@Kjotis: You can find your port by connecting your computer directly to your DSL or cable modem and connecting to your Nortel VPN at work; the Nortel connection screen will show a line called 'IPSec NAT Traversal'. You will need to map port 500 and this port number. You can also call your help desk at work and ask them to find out what port your router will use for the Nortel VPN connection so you can open it up in your firewall. You also need to make sure that the Nortel Options Disable Keepalives is checked and the Silent Keepalives are not checked. Also make sure that IPSec is enabled on your TC, which is found under Advanced on my AEBS.
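Pulling together the two pieces of advice in this thread (read the NAT traversal port the Contivity client reports, then forward UDP 500 plus that port to the DHCP-reserved address), here is an added Python checker that is not from any poster: it parses a constructed status line and validates an AirPort-style port mapping table against the forwards the working setups above used. The Mapping type, check_mappings and the sample addresses are my own; the router exposes no such API, so the table has to be typed in from AirPort Utility.

```python
import re
from dataclasses import dataclass

# Constructed sample of the status line the thread says the Contivity client shows.
STATUS_LINE = "IPSec NAT traversal: active on port 10001"

def nat_traversal_port(status_text):
    """Extract the UDP port the client reports for IPSec NAT traversal, or None."""
    m = re.search(r"IPSec NAT traversal:\s*active on port\s+(\d+)", status_text, re.I)
    return int(m.group(1)) if m else None

@dataclass(frozen=True)
class Mapping:
    proto: str    # "UDP" or "TCP", as entered in AirPort Utility
    public: int   # public (WAN) port
    private: int  # private (LAN) port
    host: str     # private IP address the forward points at

def required_mappings(host, nat_t_port):
    """Forwards the thread's working setups used: IKE on UDP 500 plus the
    client-reported NAT traversal port (10001 or 24063 in the posts above),
    each mapped public->private on the same port, to the reserved address."""
    return {Mapping("UDP", p, p, host) for p in {500, nat_t_port}}

def check_mappings(configured, host, nat_t_port):
    """Return human-readable problems; an empty list means the table is complete.
    Extra entries (e.g. TCP 50/51) are left alone, since they are harmless here."""
    problems = []
    for m in configured:
        if m.public != m.private:
            problems.append(f"{m.proto} {m.public}: public and private port differ ({m.private})")
        if m.host != host:
            problems.append(f"{m.proto} {m.public}: points at {m.host}, expected reserved {host}")
    for r in sorted(required_mappings(host, nat_t_port) - set(configured),
                    key=lambda r: r.public):
        problems.append(f"missing forward for {r.proto} {r.public} -> {r.host}")
    return problems

if __name__ == "__main__":
    # The table kjotis described: UDP 500/10001 and TCP 50/51 to 10.0.1.2 (reserved).
    table = [Mapping("UDP", 500, 500, "10.0.1.2"), Mapping("UDP", 10001, 10001, "10.0.1.2"),
             Mapping("TCP", 50, 50, "10.0.1.2"), Mapping("TCP", 51, 51, "10.0.1.2")]
    port = nat_traversal_port(STATUS_LINE)
    for line in check_mappings(table, "10.0.1.2", port) or ["port mapping table looks complete"]:
        print(line)
```

If the client reports a different traversal port (as Britonius's 24063 shows), pass that value instead and the checker will flag the missing UDP forward.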
