Is anyone out there successfully using a Nortel Contivity VPN client with CPF 3? I’m running XP Pro and Contivity client 4_65.18. I can’t seem to get a connection through, though. I won’t go into the details; you can find them here:
(Second edit: I have edited the rules since the initial post; I have split the IN and OUT rules for UDP 500 – ptfreed, 12/11/2007)
I finally got it working - see the thread posted in my initial request for details. Here, though, are the rules I ended up adding. (I am using Contivity 4_65.18 with Windows XP):
I have two Network Zones defined:
Contivity - Public IP
Contivity - Private IP
The first of these is a list of the public interfaces of Contivity VPNs that I connect to. The second contains the internal IP address that corresponds to each of these VPNs. Most traffic is actually addressed to these internal IPs. So, for instance, I might have a line in “Contivity - Public IP” that reads
host = vpn.mycompany.com
and a corresponding line in the Private IP section that reads
IP = 192.168.15.1
The rules I needed to add were:
Extranet.exe (which is the Contivity executable):
Allow UDP OUT From (port 500 at Any IP) to (port 500 at “Contivity - Public IPs”)
Allow UDP IN From (port 500 at “Contivity - Public IPs”) to (port 500 at Any IP)
Allow TCP OUT to port 17 “Contivity - Private IPs”
Allow TCP OUT to port 586 “Contivity - Private IPs”
System Idle Process:
Allow IP protocol 50 OUT to “Contivity - Public IPs”
No, you could PM your requested changes to the rules to a Mod or ask them to reopen it for a short period so you can make the changes. Or send them to me for addition to the Wiki (still in its early stages)
or join the wiki and add them yourself
Seems reasonable. At this point I’m pretty sure the rules I have reported are correct and complete – at least with respect to the Contivity VPNs that I have access to. If there is any new info, it probably belongs in a new thread.
Joining the Wiki sounds like a good idea; is it available somewhere? Or is it still in “alpha”?