XP routing table changes kill Nortel Contivity VPN client

Posted on 2004-10-20
Last Modified: 2013-12-23
Ok here's a tricky one.

We have been given the Nortel Contivity VPN client as a solution to access systems that are external to our network that we do not control.  We also have an internal Cisco based site-to-site VPN that connects all of our offices together.  Our corporate subnet is 10.10.10.0/24 and this problemed branch office subnet is 10.10.45.0/24.  All of our internal systems work great.

OK, here is the problem.  A user on an XP machine will connect to the systems external to our network without a problem using the Nortel Client.  Once connected they can access the systems they need until XP changes its internal routing table.  The Nortel Client automatically disconnects after a routing table change by design.  These branch office machines (10.10.45.0/24) access several servers on the corporate network (10.10.10.0/24).  When one of the branch machines accesses, say, 10.10.10.23 for email, it adds that address to its routing table and disconnects the Nortel VPN.

I thought I would get by with scripting a route add in the logon script that adds a route to each XP machine that looks like the following (route add 10.10.10.0 MASK 255.255.255.0 10.10.45.1 METRIC 1).  Well, as you can see below, 10.10.10.18 was also added automatically to the routing table, therefore killing the VPN.  If all of 10.10.10.0 traffic is already routed, then why is XP routing each IP additionally?  I have to find a way to stop this so I can keep the Nortel VPN up.  Any suggestions?

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 1f da 7c 61 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.45.1     10.10.45.60       10
       10.10.10.0    255.255.255.0       10.10.45.1     10.10.45.60       1
      10.10.10.18  255.255.255.255       10.10.45.1     10.10.45.60       1
       10.10.45.0    255.255.255.0      10.10.45.60     10.10.45.60       10
      10.10.45.60  255.255.255.255        127.0.0.1       127.0.0.1       10
   10.255.255.255  255.255.255.255      10.10.45.60     10.10.45.60       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0      10.10.45.60     10.10.45.60       10
  255.255.255.255  255.255.255.255      10.10.45.60     10.10.45.60       1
  255.255.255.255  255.255.255.255      10.10.45.60               3       1
Default Gateway:        10.10.45.1
===========================================================================
Persistent Routes:
  None


Thanks!
JHarper
Question by:Jharper

Expert Comment

by:masterbaker
ID: 12394313
Have you tried updating to the latest VPN client version?  You can go to Nortel's website to get a 30 day trial version of the latest client here:

http://www.nortelnetworks.com/products/01/contivity/multi_os/

I also found another similar problem to yours.  Here's a link to their post and the response:

http://www.broadbandreports.com/forum/remark,9677729~mode=flat

Sorry I don't have an exact fix for you.  I'll post back if I can come up with anything else.

Jeff

Author Comment

by:Jharper
ID: 12423470
Thanks for the suggestion, Masterbaker.  The only way I've found to help is to make the changes that I mentioned earlier.  I'll paste the piece of my Kixtart script below so that it may help someone else.

Shell ('%Comspec% /C route add 10.10.10.0 MASK 255.255.255.0 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.1 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.2 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.3 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.4 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.5 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.6 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.7 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.8 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.9 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.10 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.11 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.12 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.13 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.14 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.15 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.16 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.17 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.18 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.19 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.20 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.21 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.22 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.23 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.24 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.25 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.26 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.27 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.28 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.29 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
Shell ('%Comspec% /C route add 10.10.10.30 MASK 255.255.255.255 10.10.45.1 METRIC 1') ;Nortel VPN fix
0
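
An added example, not part of the original thread or of anyone's posted script: it parses the Active Routes rows from the question's `route print` output, flags host routes that a broader route via the same gateway already covers (the 10.10.10.18 entry), and lists which 10.10.10.0/24 hosts the logon script's .1 to .30 host routes leave without a pre-added route. The function names are hypothetical, and it assumes XP adds a host route only when none exists for that address, which is what the workaround relies on.

```python
import ipaddress

# Active Routes rows copied from the `route print` output in the question.
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0       10.10.45.1     10.10.45.60       10
       10.10.10.0    255.255.255.0       10.10.45.1     10.10.45.60       1
      10.10.10.18  255.255.255.255       10.10.45.1     10.10.45.60       1
       10.10.45.0    255.255.255.0      10.10.45.60     10.10.45.60       10
      10.10.45.60  255.255.255.255        127.0.0.1       127.0.0.1       10
   10.255.255.255  255.255.255.255      10.10.45.60     10.10.45.60       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0      10.10.45.60     10.10.45.60       10
  255.255.255.255  255.255.255.255      10.10.45.60     10.10.45.60       1
  255.255.255.255  255.255.255.255      10.10.45.60               3       1
"""

def parse_routes(text):
    """Return a list of (network, gateway) tuples, skipping non-route lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            routes.append((ipaddress.ip_network(f"{parts[0]}/{parts[1]}"), parts[2]))
        except ValueError:
            continue  # header, separator or other text
    return routes

def redundant_host_routes(routes):
    """Host (/32) routes already covered by a broader, non-default route via the same gateway."""
    found = []
    for net, gw in routes:
        if net.prefixlen == 32 and any(
            0 < other.prefixlen < 32 and other_gw == gw and net.subnet_of(other)
            for other, other_gw in routes
        ):
            found.append(str(net.network_address))
    return found

def unseeded_hosts(subnet, seeded):
    """Usable hosts in `subnet` that have no pre-added host route."""
    seeded = {ipaddress.ip_address(a) for a in seeded}
    return [h for h in ipaddress.ip_network(subnet).hosts() if h not in seeded]

if __name__ == "__main__":
    print("redundant:", redundant_host_routes(parse_routes(ROUTE_PRINT)))
    seeded = [f"10.10.10.{n}" for n in range(1, 31)]  # the .1-.30 routes in the logon script
    gaps = unseeded_hosts("10.10.10.0/24", seeded)
    print(len(gaps), "hosts without a pre-added route, first:", gaps[0])
```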

Author Comment

by:Jharper
ID: 12524459
Mods:

Please close this question and refund my points.

Thank you,
Jharper

Accepted Solution

by:
modulo earned 0 total points
ID: 12818484
PAQed with points refunded (250)

modulo
Community Support Moderator