×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Nortel VPN: Tunnel Establish but cannot ping

Nortel VPN: Tunnel Establish but cannot ping

Nortel VPN: Tunnel Establish but cannot ping

(OP)
Greetings -
We are having a problem in which a tunnel is established but you cannot ping from the remote site to the main site until the main site first pings the remote site.

Further Info:
Remote Site is a Nortel BSR222 configured as a branch office initiator.

Main Site is a Nortel VPN 1750 configured as a branch office responder.  The 1750 is located behind an Untangle firewall/router.  

The VPN soft client establishes a tunnel as expected and works with no problems.

When we attempt to ping the main site from the BSR222, the tunnel establishes right away.  I am still unable to ping anything at the main site.

Once I initiate a ping from the main site to the remote site, the ping responds.  Once this initial ping is done, I am able to ping from the remote site to the main.

Does anyone have any feedback?  Routing issue?  NAT problem?

RE: Nortel VPN: Tunnel Establish but cannot ping

Neither, but that is weird...

If it were routing OR NAT, the remote to main would NEVER work until the routing or NAT/NAT exemptions were fixed.

Sounds like a client issue to me, like the main site does not trust the remote site unless the main site initiates communications, then all is well. That is much like how Cisco's CBAC works...well, sort of.

Do pings continue to work after say a few hours, when all timers (like ARP cache, etc.) are expired?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

RE: Nortel VPN: Tunnel Establish but cannot ping

(OP)
Its strange, I'll test the timeout.  The tunnel is dropping after a few hours but I can see in the logs that the remote is deleting the tunnel.  

I will tell you that Nortel's VPN equipment is kinda crappy.  Its a little crazy to install and more over-priced than Cisco.
 

RE: Nortel VPN: Tunnel Establish but cannot ping

Any chance of switching to Cisco routers/ASA's? They are the best IMHO with everything, especially VPNs. They are solid machines, with AES-256 available for encrypting the IPSEC traffic, and much much more granular, as you can control NAT with acls, loopback interfaces, route maps, etc. and can control...well, everything! With the right IOS, you can also do DMVPN and/or GRE tunnels protected by IPSEC, or configured via profile (VTI tunnel), which is useful for passing protocols through (like routing protocols, OSPF, EIGRP, etc.). You can also configure site to site vpns and remote access vpns at the same time (at least in the ASA, not sure about routers, never tried). Just so much better at so many levels, and as you say, are less expensive than what you have now (which is hard to believe...lol). If you get SmartNet on them, there are many CCIEs to answer complex questions, which blows the competition way out of the water as far as customer service---they won't tell you to reboot if your car has a flat tire...lol.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

RE: Nortel VPN: Tunnel Establish but cannot ping

(OP)
I should have seen this coming, right?  

Telling me to buy a different product is NOT helpful.  People come here to get assistance with problems, not be told that Cisco is endorsed by Jesus and therefore all network gear should be Cisco.

Mods, Please delete this thread as it has obviously gone down a path that will offer no assistance of any value to anyone.   

RE: Nortel VPN: Tunnel Establish but cannot ping

If it were endorsed by Jesus, I would never recommend them. I'm Jewish.

Don't carry out your childish frustrations on the only person willing to help you. What would Jesus do?

Either fix your client software or sit there and be mad then...the others need to be warned about you, so hopefully this thread will not be deleted. If there is another reply, that means that you are checking up on this to see how I responded so that you can "one-up" me. I assure you, I give you the last word. And don't apologize to try and give me a guilt trip---I have no conscience :)

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close