MY first suspicsion would be the Linksys WRT54GX-v2. You see I have this exact router with the same firmware and the box is unreliable as all hell. I basically have to reboot it once a day. I've already struggled through LInksys once with no help. I keep hoping the box dies entirely and I just have a lemon, but it could just be firmware bugs. Linksys early revs are commonly riddled with bugs.
IPSEC passthrough should be what makes it work. AH/ESP are separate IP-based protocols. They aren't part of TCP or UDP so you can't specify port forwarding for protocol 50 & 51. At least of these will likely be used by the client. Also some of the communications (port
500 if I recall) can't get nat'd, it screws it up. You might have to turn off the firewall functions. I'm using a different brand VPN and mine works from home fine.
Check on the Nortel Client for a PASS THROUGH option. I think that is the term they use. Actually on the Nortel contivity they used to call it something like NAT TRAVERSAL or TRANSPARENCY. VPN clients usually have an alternate method to get around routers. HOwever your VPN profile on the VPN gateway at work must allow NAT traversal. This solved issues with some home setups in my previous company's Nortel VPN deployment.
"f>Hi,
>I have the following situation:
>
>I'm trying to connect to my employers VPN service from home. I have
>ADSL with a provider called Bredbandsbolaget (Swedish). When I connect
>my stationary computer or my laptop directly to the ADSL modem, the VPN
>works fine. When I connect my Linksys router to the modem and then the
>stationary PC to the router or the laptop to the router via 802.11g
>then the VPN client doesn't work.
>
>I have the following equipment:
>
>no-name ADSL modem looks very much like an Alcatel Speedtouch
>Linksys WRT54GX-v2 wireless router/switch/firewall with 2.00.8 firmware
>(latest available)
>PC with WinXP Pro SP2, windows firewall disabled, Norton AV.
>laptop with WinXP Home SP2, windows firewall disabled, McAfee AV. >
>Nortel Contivity Client 5.01d
>
>I have tried the following suggestions separately and together:
>
>Opened IPSEC passthrough in the router
>Opened UDP ports 500, 8000 (needed by employer), 1723
>Put the PC on the DMZ (if this fails then it must mean its not a port >problem right?)
>Assigned a static IP to the PC outside of the DHCP range of the router
>reflashed the firmware in the router (note that the router works fine
>in every other aspect other than using VPN)
>
>For one thing, IPSEC passthrough doesnt seem to work in this router,
>because all it should do is open up port 500 UDP, but if I enable this,
>the the host name cannot be reached. As soon as I open port 500 UDP
>manually, then the host can at least be reached! Also, using port
>forwarding does not work either--I have to enable port 500 with port
>triggering. I do not understand why this is different, but it doesn't
>seem right. I opened a port for FTP and BitTorrent using port
>forwarding and these both work fine! Once I open these ports (500 &
>8000) then I get past the initial contact stage and then it hangs on a
>message saying "Retrieving banner text".
>
>According to a Nortel tech document, this means I have a router
>blocking NAT traffic. Unfortunately, they give no real solution--they
>just explain all about NAT and ESP/AH etc etc. I have colleagues with
>all-in-one ADSL modems/routers that can connect without problems, but I
>have not found anyone else who has a separate modem and router. I have
>spoken to Linksys support many times and received dumbass suggestions
>that have not solved the problem. I am sick of hearing "have you
>flashed the router with the latest firmware". Yes, I have. Twice. I
>have also tried an old Netgear RP614 router and it has the same issue,
>so I suspect it's a problem with NAT not getting through the modem then
>router to the PC rather than it being a pure Linksys fault.
>
>If anyone has any advice I would very much appreciate it.
>
>Regards,
>Andrew
DiGiTAL_ViNYL (no email)