Solved

XP routing table changes kill Nortel Contivity VPN client

Posted on 2004-10-20
5
2,351 Views
Last Modified: 2013-12-23
Ok here's a tricky one.

We have been given the Nortel Contivity VPN client as a solution to access systems that are external to out network that we do not control.  We also have an internal Cisco based site-to-site VPN that connects all of our offices together.  Our corportate subnet is 10.10.10.0/24 and this problemed branch office subnet is 10.10.45.0/24.  All of our internal systems work great.

OK here is the problem.  A user on an XP machine will connect to the systems external to our netowrk without a problem using the Nortel Client.  Once connected they can access the systems they need until XP changes its internal routing table.  The Nortel Client automatically disconnects after a routing table change by design.  These branch office machines (10.10.45.0/24) access several servers on the corporate network (10.10.10.0/24).  One of the branch machines accesses say 10.10.10.23 for email it adds that address to its routing table and disconnects the Nortel VPN.

I thought I would get by with scripting a route add in the logon script that adds a route to each XP machine that looks like the following (route add 10.10.10.0 MASK 255.255.255.0 10.10.45.1 METRIC 1).  Well as you can see below 10.10.10.18 was also added automatically to the routing table therefore, killing the VPN.  If all of 10.10.10.0 traffic is already routed then why is XP routing each IP additionally?  I have to find a way to stop this so I can keep the Nortel VPN up.  Any suggestions?

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 1f da 7c 61 ...... Broadcom NetXtreme 57xx Gigabit Controller - Pac
ket Scheduler Miniport
0x3 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Packet Scheduler Minip
ort
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.45.1     10.10.45.60       10
       10.10.10.0    255.255.255.0       10.10.45.1     10.10.45.60       1
      10.10.10.18  255.255.255.255       10.10.45.1     10.10.45.60       1
       10.10.45.0    255.255.255.0      10.10.45.60     10.10.45.60       10
      10.10.45.60  255.255.255.255        127.0.0.1       127.0.0.1       10
   10.255.255.255  255.255.255.255      10.10.45.60     10.10.45.60       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0      10.10.45.60     10.10.45.60       10
  255.255.255.255  255.255.255.255      10.10.45.60     10.10.45.60       1
  255.255.255.255  255.255.255.255      10.10.45.60               3       1
Default Gateway:        10.10.45.1
===========================================================================
Persistent Routes:
  None


Thanks!
JHarper
0
Comment
Question by:Jharper
  • 2
5 Comments
 
LVL 13

Expert Comment

by:masterbaker
ID: 12394313
Have you tried updating to the latest VPN client version?  You can go to Nortel's website to get a 30 day trial version of the latest client here:

http://www.nortelnetworks.com/products/01/contivity/multi_os/

I also found another similar problem to yours.  Here's a link to their post and the response:

http://www.broadbandreports.com/forum/remark,9677729~mode=flat

Sorry I don't have an exact fix for you.  I'll post back if I can come up with anything else.

Jeff
0
 
LVL 3

Author Comment

by:Jharper
ID: 12423470
Thanks for the suggestion Masterbaker..  The only way I've found to help the is to make the changes that I mentioned earlier.  I'll paste the piece of my Kixtart script below so that it may help someone else.

Shell ('%Comspec% /C route add 10.10.10.0 MASK 255.255.255.0 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.1 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.2 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.3 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.4 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.5 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.6 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.7 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.8 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.9 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.10 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.11 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.12 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.13 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.14 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.15 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.16 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.17 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.18 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.19 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.20 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.21 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.22 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.23 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.24 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.25 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.26 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.27 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.28 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.29 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.30 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
0
 
LVL 3

Author Comment

by:Jharper
ID: 12524459
Mods:

Please close this question and refund my points.

Thank you,
Jharper
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12818484
PAQed with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Resolve DNS query failed errors for Exchange
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now