With the recent surge in gas prices, many employers and employees have taken to telecommuting. The surge has given rise to an avalanche of trouble tickets and support calls from folks trying to use their employer’s virtual private network solution from their home personal computers and broadband connections.
One typical problem that some users might encounter when using the Nortel VPN client is the “Checking for banner text” message. During the initial stage of connecting, the Nortel VPN client will display the “Checking for banner text” message and then either become unresponsive or report to the user that the connection was lost.
Let me paraphrase from the Nortel documentation:
A common reason for the banner message to stop responding is a firewall or router, placed somewhere along the path from the remote computer to the gateway, which blocks ESP or Authentication Header (AH) traffic. The firewall can be a personal firewall installed on the remote computer, a firewall or router at the Internet Service Provider (ISP), or a corporate firewall. In this situation, the IPsec Internet Security Association and Key Management Protocol (ISAKMP) traffic that negotiates the tunnel establishment gets through the firewall, but the ESP- or AH-encapsulated traffic inside the tunnel does not. When the banner text is retrieved through the established tunnel, the banner message or other traffic secured by ESP or AH never reaches the client, and the Nortel VPN Client continues to wait for a response from the gateway until a timeout period is reached. To resolve this issue, ensure the following traffic is allowed to pass through the firewalls along the path:
UDP protocol (17) port 500, both inbound and outbound
ESP protocol (50), both inbound and outbound
AH protocol (51), both inbound and outbound
The same scenario occurs as in the previous section if Network Address Translation Traversal (NAT-T) is configured and the firewall blocks the UDP port selected for NAT-T along the path. To resolve this issue, you’ll need to ensure the port that is being utilized can pass through the firewalls on a personal, corporate, or ISP level. You’ll need to contact whoever is managing the VPN router to determine which UDP port you might need to open.
Cheers!
chris says
The banner issue happens each time my original connection drops and I try to reconnect. In some cases just logging out from Windows and logging back in is sufficient to clear the issue… in some cases I need to reboot…
Since most of the time the connections and reconnection after stand-by (unless the connection started to be unresponsive suddenly) works fine, I suppose the issue is not one of the firewalls… but more like a cached state on my windows laptop…
Any idea about that and how to clear that state without a long and painful logout?
Thanks,
Chris.
Michael McNamara says
Hi Chris,
Unfortunately there’s something preventing the client from functioning properly. What version of the NVC (Nortel VPN Client) are you running? You might try upgrading to the latest available version.
Good Luck!
DanLau says
Did you ever find a solution to this issue?
Michael McNamara says
Hi DanLau,
Assuming you don’t have something blocking your IPSec traffic there was a known bug in the Avaya VPN Client that was recently addressed.
You should probably update to the latest version.
http://blog.michaelfmcnamara.com/2011/12/avaya-vpn-client-release-10-05-150-for-windows-7/
Good Luck!
Miles says
Actually I got same issue on Avaya VPN Client Release 10.05.150 for windows 7(x64).
Hilou says
How can I disable the banner?
Michael McNamara says
It’s controlled in the Avaya (formerly Nortel) VPN router. You’ll find the option under the group settings for that user(s).
Cheers!
Miles says
I fixed this kind of issue after installing old version of SEP (uninstall the latest version).
Manohar says
What do I need to change in the group settings?
Michael McNamara says
Hi Manohar,
What exactly are you looking to do? You haven’t told me what you are trying to do so I can’t tell you what you “need to change in the group settings”.
Good Luck!
Koi says
hi,
I’m unable to connect to Avaya VPN Client when I use certain internet connections (e.g. a different service provider, or a different router type). I usually get the message “The banner was not received or user did not acknowledge the banner” which comes after “Successfully authenticated to VPN”. In short, the banner never arrives!
Is it a firewall problem of the client (my computer) or of the internet service provider?
But if it’s the case of the Provider – how come some of my colleagues using the same provider are able to connect without issues?
Above you mentioned that it must allow traffic on the aforementioned ports.. is this something I have to do on my PC? Or do I have to tell my provider?
Michael McNamara says
Hi Koi,
It could be the firewall or anti-virus application on your desktop/laptop. In general it means the traffic is being blocked. Now with that said, there was a bug in one of the software releases that exhibited the same error message even though nothing was being blocked – see the Related posts links above; the solution was to upgrade to a newer client. There was also a known issue trying to connect over a wireless connection in some specific versions that caused the same error message.
I would suggest you compare your colleagues’ version of the client.. that might offer a quick fix.
Good Luck!
Josef says
How do I check if an anti-virus application is blocking traffic?
Michael McNamara says
Hi Josef,
You could try disabling or un-installing the anti-virus application.
Cheers!
Snowman says
Hello,
I’m also encountering the same issue as Koi when connecting to Avaya VPN Client 10.06.104.
The error is as follows:
“Failed to connect for the following reason: The banner message from the VPN Router was not received, or the user didn’t acknowledge the banner. Please contact your Network Administrator or Helpdesk for assistance.”
I also encountered this error in versions 10.05.150 and 10.06.022.
I also extracted the logs, in case it would help. Please see below:
1/4/2013 15:14:42.412 [CFGA] -W-Runtime reported exception 0x490 = 1168
1/4/2013 15:14:42.412 [CFGA] -E-Warning! Specified profile not found.
1/4/2013 15:14:45.345 [GUIW] -I-Received option set message from engine.
1/4/2013 15:14:47.248 [ENGS] -I-IPSec Tunnel Connection initiated to using Diffie-Hellman group 8.
1/4/2013 15:14:47.654 [GUIW] -I-Received negotiation in progress message from engine.
1/4/2013 15:14:47.732 [ENGS] -I-Enter: DynamicDnsCleanup.
1/4/2013 15:14:47.732 [ENGS] -I-Starting Isakmp again with next DH group.
1/4/2013 15:14:49.650 [ENGS] -I-IPSec Tunnel Connection initiated to using Diffie-Hellman group 2.
1/4/2013 15:14:50.181 [ENGS] -I-IPSec ISAKMP SA established with Server.
1/4/2013 15:14:53.332 [ENGS] -I-Authentication successful.
1/4/2013 15:14:53.363 [ENGS] -I-Assigned IP Address .
1/4/2013 15:14:53.363 [ENGS] -I-Keepalive interval set to 60 second(s).
1/4/2013 15:14:53.363 [ENGS] -I-Maximum keepalive retransmissions set to 3 retries.
1/4/2013 15:14:53.363 [ENGS] -I-Split tunneling enabled.
1/4/2013 15:14:53.363 [ENGS] -I-Domain name set to “”.
1/4/2013 15:14:53.363 [ENGS] -I-Primary Domain Name Server “”.
1/4/2013 15:14:53.363 [ENGS] -I-Secondary Domain Name Server “”.
1/4/2013 15:14:53.363 [ENGS] -I-Primary WINS Server “”.
1/4/2013 15:14:53.363 [ENGS] -I-Secondary WINS Server “”.
1/4/2013 15:14:53.363 [ENGS] -I-Saving Password on client is turned Off.
1/4/2013 15:14:53.363 [ENGS] -I-Primary Failover “”.
1/4/2013 15:14:53.363 [ENGS] -I-Secondary Failover “”.
1/4/2013 15:14:53.363 [ENGS] -I-Tertiary Failover “”.
1/4/2013 15:14:53.363 [ENGS] -I-NAT Traversal invoked.
1/4/2013 15:14:53.363 [ENGS] -I-Received NAT Keepalive value of 18 seconds from server.
1/4/2013 15:14:53.363 [ENGS] -I-Received Dynamic DNS update control flag, value 01.
1/4/2013 15:14:54.362 [ENGS] -I-Setup VPN IP Address successfully.
1/4/2013 15:14:57.965 [ENGS] -I-IPSec vpn interface is fully ready.
1/4/2013 15:14:58.59 [ENGS] -I-Banner retrieving start.
1/4/2013 15:14:58.340 [CFGA] -W-Runtime reported exception 0x490 = 1168
1/4/2013 15:14:58.340 [CFGA] -E-Warning! Specified profile not found.
1/4/2013 15:14:59.385 [ENGS] -E-Banner socket() timed out.
… …
1/4/2013 15:16:09.330 [ENGS] -E-Banner socket() timed out.
1/4/2013 15:16:09.330 [ENGS] -I-Enter: DynamicDnsCleanup.
1/4/2013 15:16:09.330 [ENGS] -I-IPSecCloseTunnel: IP Address Deleted.
1/4/2013 15:16:09.330 [ENGS] -I-IPSec tunnel is down!
1/4/2013 15:16:09.517 [GUIW] -I-Received tunnel abort message from engine.
1/4/2013 15:16:10.2 [GUIW] -I-Received idle message from engine.
Thank you for your time.
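Added example (not part of the comment above or of the blog's own material): a short Python triage of the client log format posted in that comment, separating the IKE stage, which completed, from the banner fetch through the tunnel, which timed out, and naming which firewall item from the post to check first. The function names, the month/day/year reading of the date and the millisecond reading of the unpadded fraction are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the client log lines posted in the comment above.
SAMPLE_LOG = """\
1/4/2013 15:14:50.181 [ENGS] -I-IPSec ISAKMP SA established with Server.
1/4/2013 15:14:53.332 [ENGS] -I-Authentication successful.
1/4/2013 15:14:53.363 [ENGS] -I-NAT Traversal invoked.
1/4/2013 15:14:58.59 [ENGS] -I-Banner retrieving start.
1/4/2013 15:14:59.385 [ENGS] -E-Banner socket() timed out.
… …
1/4/2013 15:16:09.330 [ENGS] -E-Banner socket() timed out.
1/4/2013 15:16:09.330 [ENGS] -I-IPSec tunnel is down!
"""
LINE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+)\.(\d+) \[(\w+)\] -([IWE])-(.*)$")

def parse(log):
    """Return (timestamp, severity, message) tuples; non-matching lines are skipped."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            stamp, frac, _component, sev, msg = m.groups()
            # Assumptions: month/day/year order, and an unpadded fraction
            # ("58.59") that counts milliseconds.
            ts = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S")
            events.append((ts.replace(microsecond=int(frac) * 1000), sev, msg))
    return events

def triage(log):
    """Separate control-plane success (IKE on UDP 500) from data-plane failure."""
    events = parse(log)
    seen = lambda text: [ts for ts, _, msg in events if text in msg]
    timeouts, start = seen("Banner socket() timed out"), seen("Banner retrieving start")
    ike_ok = bool(seen("ISAKMP SA established") and seen("Authentication successful"))
    nat_t = bool(seen("NAT Traversal invoked"))
    if not ike_ok:
        check = "UDP 500 (IKE never completed)"
    elif not timeouts:
        check = "nothing: banner was not reported as timed out"
    elif nat_t:
        check = "the UDP port selected for NAT-T"
    else:
        check = "ESP (protocol 50) and AH (protocol 51)"
    stall = (timeouts[-1] - start[0]).total_seconds() if timeouts and start else 0.0
    return {"ike_ok": ike_ok, "nat_t": nat_t, "banner_timeouts": len(timeouts),
            "stall_seconds": stall, "check_first": check}
```

As the replies on this page note, the same log pattern also shows up with the known client bug and with local security software, so `check_first` is a starting point rather than a verdict.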
Josef says
The above log is exactly the same thing I am encountering. How do I disable the anti-virus?
Michael McNamara says
That would depend on which anti-virus solution you have… some are as easy as just right clicking on the icon in the task tray and selecting “Disable protection” or similar verbiage.
Good Luck!
AL says
Hi, I have the exact error that Snowman posted above.
I have Avaya version 10.06.200 and also tried version AVC64-10.05.150; however, I see the same error.
My co-worker has the same PC and same version but theirs is working fine.
Can you please advise what can be checked to fix this problem?
Thanks tons!