Nortel BSR222 to Nortel BSR222 VPN Issues

(OP)
Here is the setup:

Business with two locations, each with a DSL connection with Static IPs. Internet traffic works flawlessly at both locations.

Site1: 192.168.1.0/24
Site2: 192.168.2.0/24

I have set up a VPN between the two sites, and the tunnel comes up and connects between the two BSRs, at least according to the SA Monitor on both ends. Yet, I am unable to ping any device on the other side of the tunnel from either side. I have redone the IP policies on both sides several times from single address to address range to the complete subnets and still have no connectivity through the tunnel. I have been working on this for two days now and have yet to find a rhyme or reason to the issue.

I have set up several of these before, and have never had this much trouble.

Any assistance would be most appreciated.

Thanks!

Jux VP

RE: Nortel BSR222 to Nortel BSR222 VPN Issues

Do you have the firewall turned on in the BSR222? If so, test it with it disabled and if it works you'll need to create some rules.

RE: Nortel BSR222 to Nortel BSR222 VPN Issues

(OP)
That has been tried. Same result, the tunnel comes up but I am unable to pass traffic across the VPN tunnel. A strange thing has shown itself, though, and I am working with AT&T to see what can be done about it. I noticed that I was unable to ping the WAN IP from the other side. Each side has a Netopia DSL Router/Modem set up in bridge mode so that I can have one of the statics on the external interfaces of the respective BSR222. I am able to ping from each Netopia to its directly attached BSR222, but no ping packets appear to be traversing the Netopia to the "internal" side of the bridge from the other location. I have the firewall on the Netopia turned down as far as it will go (there is no disable option) and NAT turned off, which is exactly what I have done in the past during these sorts of setup, so the only thing I can conclude is that the Netopia is somehow blocking one of the needed ports for the tunnel to actually be complete, even though both BSR222s say the tunnel is up and viable.

My next step (assuming AT&T tells me to pound sand because the DSL is up) is to try and re-setup the Netopias in router mode and port-forward the needed VPN ports to the BSR222, but it has been my experience that this doesn't work very well. Unless someone can give me a different viable suggestion.

Thanks for your input, oldestgeek, it is much appreciated.

RE: Nortel BSR222 to Nortel BSR222 VPN Issues

(OP)
For those interested, it ended up being a configuration issue with the Netopia modems. The way to set up and expose the IP addresses changed with the new firmware update. Instead of just placing the external IP on the internal interface (which puts the old modems into de-facto bridge mode), you have to burn one of the five IP addresses that AT&T assigns you to the internal interface and then go into Security -> Stateful Inspection and add the 5-IP range to the Exposed IP Addresses list. Then Save and Restart. This will expose any device with a public IP to the Internet-at-large.

Hope this helps someone in the future.
