Firewall Wizards mailing list archives
RE: PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Fri, 16 May 2003 19:26:09 -0500
Here is a snapshot of my config:

crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map towork 20 ipsec-isakmp
crypto map towork 20 match address 90
crypto map towork 20 set peer w.x.y.z
crypto map towork 20 set transform-set strong
crypto map towork interface outside
isakmp enable outside
isakmp key ******** address w.x.y.z netmask 255.255.255.255
isakmp identity address
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 2880

Gotchas that we had:
1) Nortel didn't like AH. Use ESP instead.
2) SHA was the only hash that seemed to want to work
3) Make sure that your lifetime and the ACL of permitted networks exactly matches your Nortel.

Once we got past those bumps, we were good to go.

HTH

Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com
-----Original Message-----
From: Sutantyo, Danny [mailto:DSutantyo () livingstonintl com]
Sent: Friday, May 16, 2003 14:42
To: 'salgak () speakeasy net'; 'firewall-wizards () honor icsalabs com'
Subject: RE: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700

So is it regular config? Using 3DES and group 2?

dS

-----Original Message-----
From: salgak () speakeasy net [mailto:salgak () speakeasy net]
Sent: Friday, May 16, 2003 03:41 PM
To: Sutantyo, Danny; 'firewall-wizards () honor icsalabs com'
Subject: Re: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700

-----Original Message-----
From: Sutantyo, Danny [mailto:DSutantyo () livingstonintl com]
Sent: Friday, May 16, 2003 05:34 PM
To: 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700

Hi,

Has anyone tried to establish VPN from PIX to Nortel Contivity? Any caveat or idea?

2 jobs back, we had a system that passed through Contivity and PIX, but each was a gateway out of a small network: We did Contivity VPN back to our 4500, and the other people did PIX back to their cloud. It worked.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
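The third gotcha in the message above (parameters must match the peer exactly) can be checked before bringing the tunnel up. This is an added example, not part of the original post: it parses the posted `isakmp policy` and `transform-set` lines and diffs them against a hypothetical `PEER` record of what the Contivity administrator reports; the ACL comparison is left out because access-list 90 is not shown in the post.

```python
import re

# Constructed sample: the proposal-defining PIX lines from the post.
PIX_CONFIG = """\
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map towork 20 match address 90
crypto map towork 20 set transform-set strong
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 2880
"""

# Hypothetical peer-side values (constructed); hash and lifetime differ on purpose.
PEER = {"authentication": "pre-share", "encryption": "des", "hash": "md5",
        "group": "1", "lifetime": "28800",
        "transforms": ["esp-des", "esp-sha-hmac"]}

def parse_pix(text):
    """Collect IKE policies (by number) and IPsec transform sets (by name)."""
    policies, transforms = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"isakmp policy (\d+) (\S+) (\S+)$", line)
        if m:
            policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
            continue
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            transforms[m.group(1)] = m.group(2).split()
    return policies, transforms

def mismatches(text, policy_no, transform_name, peer):
    """Return sorted (parameter, pix_value, peer_value) for every difference."""
    policies, transforms = parse_pix(text)
    local = dict(policies.get(policy_no, {}))
    local["transforms"] = transforms.get(transform_name)
    keys = set(local) | set(peer)
    return sorted((k, local.get(k), peer.get(k)) for k in keys
                  if local.get(k) != peer.get(k))

if __name__ == "__main__":
    for param, pix_value, peer_value in mismatches(PIX_CONFIG, 9, "strong", PEER):
        print(f"{param}: PIX={pix_value} peer={peer_value}")
```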
Current thread:
- PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700 Sutantyo, Danny (May 16)
- <Possible follow-ups>
- Re: PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700 salgak (May 16)
- RE: PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700 Sutantyo, Danny (May 16)
- RE: PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700 Noonan, Wesley (May 17)
- RE: PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700 Sutantyo, Danny (May 24)