[personal profile] reddragdiva

I have a Shiny New Work Laptop, a Dell Latitude C610. I wish it weighed half as much, but apart from that it's just fine. (It'd rate "lovely" if it had a DVD drive.)

I am on call starting next Monday evening. I am having VPN problems — it connects for a few minutes, then data stops flowing (though the connection doesn't drop). Apparently the NAT on a Speedtouch 510 (our DSL modem) blocks a few ports too many by default (and there's no way to bypass the NAT). Does anyone have clues on what needs to be unblocked for a Cisco VPN to work? I found instructions for a Nortel VPN ...

This morning I connected from home, crashed one of the two mail servers ("well, that sure broke the mirror"), went into the colo and waited two hours for the Sun engineer to show and replace the bad disk. Then I got to fix all manner of Solstice DiskShite problems with one chapter of the manual to hand. Learning by pitfall — it's a bit of a stress, but it focuses the attention marvellously.

Tonight will hopefully be the Voices of Masada gig.

(no subject)

Date: 2004-10-22 08:22 am (UTC)
From: [identity profile] arkady.livejournal.com
Oh, and this?

VPN Passthrough for SpeedTouch 570, 510 and 530 modems

Jonathan Shearman from www.conexus.com.au reports the following procedure for people having difficulties with VPNs.

The SpeedTouch 570, 510 and 530 modems incorporate an ALG (application level gateway) in the firmware. This allows the modem to recognise certain protocols such as IPSEC and preserve PORT in the NAT translation table, which is a critical requirement for ensuring VPN connectivity. However, certain VPN clients (and Nortel Contivity is one) have a proprietary protocol for VPN solutions, and as such the modem's ALG will not be able to recognise the protocol and preserve the port through the NAT table translation. The problem is related to the way floating ports are implemented in Contivity.
The following commands will address this issue and provide a fix.
----------------------------------------
In order to implement these commands, you need to access the Speedtouch via Telnet and the 'command line interface' [CLI].
To access the SpeedTouch CLI interface, in the Windows Start menu of a computer connected directly to the SpeedTouch, select Run.
Enter 'telnet 10.0.0.138' [which provides Telnet access to the SpeedTouch via its internal IP address].
Enter password if necessary, otherwise, press Enter. [Note this is the MODEM password, not the ISP password, and may not be required if user has not specified it.]
This will produce a telnet session window with a => prompt.
At the prompt, enter command 'nat unbind application=ESP port=1' or 'nat unbind application=ESP'. [these are interchangeable but must be entered exactly as shown, without the ']
Then enter 'nat unbind application=IKE port=500'.
Then enter 'config save'
Then terminate the Telnet session.
