Nortel Networks NN46110-602 User Manual


88 Chapter 4 Troubleshooting


When 10.1.2.3 broadcasts to find a network neighbor, it (incorrectly) sends to
10.255.255.255. Normal routing functionality does not forward such a packet. The
VPN Router finds the best match among its physical interfaces (10.1 in this case)
and modifies the broadcast to be correct for that interface (10.1.255.255 here).

In this example, if the VPN Router’s 10.1 interface was configured with any
subnet mask other than 255.255.0.0, the broadcast would not have been converted
as desired.
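The conversion described above can be modelled as follows. This is an added example, not code from the Nortel manual or the VPN Router firmware. It assumes that "best match" means the most specific interface network containing the sender, and the interface addresses (10.1.0.1, 10.1.2.1) are constructed for illustration.

```python
import ipaddress

def classful_network(ip):
    """Return the classful (A/B/C) network of an IPv4 address, or None for class D/E."""
    first = int(str(ip).split(".")[0])
    if first < 128:
        prefix = 8
    elif first < 192:
        prefix = 16
    elif first < 224:
        prefix = 24
    else:
        return None
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def rewrite_classful_broadcast(src, dst, interfaces):
    """Return the broadcast address the router would emit, or None if no rewrite applies.

    interfaces: 'address/mask' strings for the router's private interfaces.
    Assumption: best match = longest-prefix interface network that contains src.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    classful = classful_network(src_ip)
    # Only the (incorrect) classful broadcast is a candidate for conversion.
    if classful is None or dst_ip != classful.broadcast_address:
        return None
    nets = [ipaddress.ip_interface(i).network for i in interfaces]
    candidates = [n for n in nets if src_ip in n]
    if not candidates:
        return None
    best = max(candidates, key=lambda n: n.prefixlen)
    return str(best.broadcast_address)

if __name__ == "__main__":
    # Constructed interface configurations for the manual's 10.1.2.3 client.
    for iface in ("10.1.0.1/255.255.0.0",    # mask matches the clients
                  "10.1.2.1/255.255.255.0",  # mask too narrow
                  "10.1.0.1/255.0.0.0"):     # mask too wide
        out = rewrite_classful_broadcast("10.1.2.3", "10.255.255.255", [iface])
        print(f"{iface:24} -> {out}")
```

Only the 255.255.0.0 case yields 10.1.255.255; the other masks produce 10.1.2.255 or leave 10.255.255.255 unchanged, which is why the interface mask has to match the clients' mask.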

What should I do about subnets?

Configure every private interface on the VPN Router to have the same subnet
mask as all of the clients residing on that subnet.

Why is there a delay in discovering the Network Neighborhood (with tunnels)?

NetBIOS treats the modem interface as if it is two different interfaces: the original
modem and the tunnel. It designates the original modem as the primary interface.
(You can observe this by typing route print in a DOS command shell.) If you
tunnel over a LAN instead of a modem, the LAN adapter is designated as the
primary interface.

When first instructed to seek the Network Neighborhood, NetBIOS always tries
the primary interface first. This is always the wrong choice because NetBIOS tries
to send using the IP address assigned by the ISP (or possibly the address of
another adapter) instead of the address assigned to the tunnel by the VPN Router.

The outcome is somewhat different for IPsec and PPTP. For IPsec, the client
recognizes this incorrect behavior and refuses to even send the packets. You can
see a counter of the number of invalid packets of this type on the client under the
status Invalid IP address.

With PPTP, the client does send the packets, but they are rejected at the VPN
Router as invalid tunneled packets because the source address does not match the
VPN Router-assigned address. If you inspect the event log, there are messages of
the form Bad source address in tunnel and the session/details counter for source
address drops increases.
