Firewall Wizards mailing list archives

RE: PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700


From: "Sutantyo, Danny" <DSutantyo () livingstonintl com>
Date: Fri, 23 May 2003 12:09:05 -0400

How about static command? I know I have to use NAT 0 for certain network?

Thanks
Danny

-----Original Message-----
From: Noonan, Wesley [mailto:Wesley_Noonan () bmc com] 
Sent: Friday, May 16, 2003 08:26 PM
To: 'Sutantyo, Danny'; 'salgak () speakeasy net';
'firewall-wizards () honor icsalabs com'
Subject: RE: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700


Here is a snapshot of my config:

crypto ipsec transform-set strong esp-des esp-sha-hmac 
crypto map towork 20 ipsec-isakmp
crypto map towork 20 match address 90
crypto map towork 20 set peer w.x.y.z
crypto map towork 20 set transform-set strong
crypto map towork interface outside
isakmp enable outside
isakmp key ******** address w.x.y.z netmask 255.255.255.255 
isakmp identity address
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 2880

Gotchas that we had:

1) Nortel didn't like AH. Use ESP instead.
2) SHA was the only hash that seemed to want to work
3) Make sure that your lifetime and the ACL of permitted networks exactly
match your Nortel.

Once we got past those bumps, we were good to go. HTH

Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com


-----Original Message-----
From: Sutantyo, Danny [mailto:DSutantyo () livingstonintl com]
Sent: Friday, May 16, 2003 14:42
To: 'salgak () speakeasy net'; 'firewall-wizards () honor icsalabs com'
Subject: RE: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700

So is it regular config? Using 3DES and group 2?

dS

-----Original Message-----
From: salgak () speakeasy net [mailto:salgak () speakeasy net]
Sent: Friday, May 16, 2003 03:41 PM
To: Sutantyo, Danny; 'firewall-wizards () honor icsalabs com'
Subject: Re: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700



-----Original Message-----
From: Sutantyo, Danny [mailto:DSutantyo () livingstonintl com]
Sent: Friday, May 16, 2003 05:34 PM
To: 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] PIX FW 515 (6.3) VPN w/ Nortel Contivity 2700


    Hi,
    Has anyone tried to establish VPN from PIX to Nortel Contivity? Any caveat or idea?

2 jobs back, we had a system that passed through Contivity and PIX, but each was a gateway out of a small network: We did Contivity VPN back to our 4500, and the other people did PIX back to their cloud.  It worked.

_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
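
The gotchas listed in the thread (ESP rather than AH, matching hash, lifetime and permitted networks) can be checked before bringing the tunnel up. The following is an added example, not part of the original thread: the `PEER` dictionary, the access-list 90 contents and the function names are assumptions made for illustration.

```python
import re

# Lines from the config posted above, plus a constructed access-list 90
# (the post references ACL 90 but never shows it; addresses are made up).
PIX_CONFIG = """\
access-list 90 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map towork 20 match address 90
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 2880
"""
# Hypothetical far-end settings entered by hand; lifetime deliberately differs.
PEER = {"encryption": "des", "hash": "sha", "group": "1", "lifetime": "28800",
        "transforms": {"esp-des", "esp-sha-hmac"},
        "networks": {("10.2.2.0", "255.255.255.0", "10.1.1.0", "255.255.255.0")}}

def parse_pix(text):
    """Collect Phase 1/2 parameters; assumes a single isakmp policy."""
    acl = re.search(r"match address (\S+)", text)
    acl_id = acl.group(1) if acl else None
    cfg = {"transforms": set(), "networks": set()}
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] == ["isakmp", "policy"] and len(tok) == 5:
            cfg[tok[3]] = tok[4]
        elif tok[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["transforms"] = set(tok[4:])
        elif tok[:4] == ["access-list", acl_id, "permit", "ip"] and len(tok) == 8:
            cfg["networks"].add(tuple(tok[4:]))
    return cfg

def mismatches(pix, peer):
    """Return one message per setting that differs from the peer."""
    issues = [f"{k}: PIX={pix.get(k)} peer={peer.get(k)}"
              for k in ("encryption", "hash", "group", "lifetime")
              if pix.get(k) != peer.get(k)]
    if any(t.startswith("ah-") for t in pix["transforms"]):
        issues.append("transform-set uses AH; the thread reports ESP only")
    if pix["transforms"] != peer["transforms"]:
        issues.append("transform-set differs from the peer's proposal")
    # The peer lists the same networks with source and destination swapped.
    mirrored = {(d, dm, s, sm) for (s, sm, d, dm) in pix["networks"]}
    if mirrored != peer["networks"]:
        issues.append("protected networks do not mirror the peer's")
    return issues

if __name__ == "__main__":
    for issue in mismatches(parse_pix(PIX_CONFIG), PEER):
        print("MISMATCH", issue)
```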