Ipsec Mobility In Nat Environment; Routing Table Changes; Table 11 Configuration Considerations - Nortel Contivity 1100 Configuration Manual
Vpn router basic features
Hide thumbs
Also See for Contivity 1100:
- Connecting manual (6 pages) ,
- Install manual (218 pages) ,
- Installing (158 pages)
Table of Contents
Advertisement
152 Chapter 8 Configuring IPSec mobility and persistent mode
IPSec mobility in NAT environment
In some situations roaming in the environment of NAT devices might prevent
users from taking full advantage of IPSec mobility feature.
some configuration caveats that will allow to increase roaming effectiveness in
NAT environment.
Table 11 Configuration considerations
Initial NVC connection
was behind
No NAT
IPSec aware NAT
Non-IPSec aware NAT
*The appropriate IPSec group settings (Auto-Detect NAT, Always UDP Encap, or
Auto-Detect IPSec capable NAT) makes the initial connection successful. No
changes are required for roaming to work.
Routing table changes
Routing table changes apply to the Nortel VPN Client. When operating in split
tunneling mode, the NVC periodically checks the routing table on the client's PC
to determine if the table has been altered in any way. This checking is done for
security reasons to detect for intrusions and unauthorized access to the private
network. When a routing table change is detected the tunnel is brought down.
NN46110-500
After roaming NVC
connection is behind
No NAT
IPSec unaware NAT
IPSec aware NAT
No NAT
IPSec unaware NAT
IPSec aware NAT
No NAT
IPSec unaware NAT
IPSec aware NAT
Table 11
illustrates
Nortel VPN Router
configuration caveats to
make mobility work
successfully
None
Always NAT Traversal
Always NAT Traversal
None*
Always NAT Traversal or
auto-detect NAT
None*
None*
None*
None*
Hide quick links:
Advertisement
Table of Contents
