IPSec Lan-2-Lan between a VPN 3015 and Nortel Contivity 1000 series. How??

n.damico
Level 1

We currently purchased a Cisco VPN 3015 concentrator. It is running parallel with our PIX. Connectivity for remote users works fine (remote access). However, I am NOT able to establish an IPSec Lan2Lan connection with our client.

Our client has a Nortel Contivity 1000 series switch. Our settings are pretty much a mirror of each other. Accessible networks=Remote Network; Remote Network=Private network; Time LifeTime = 8 hours; Remote Endpoint=VPN public Interface; Local Endpoint=Peer address; etc .....

With these settings in place, neither of our VPN boxes initiates the tunneling process. Our static routes are fine as per Cisco Engineers. I cannot figure out why.

When I enable Network Autodiscovery (does not work unless connecting two Cisco VPN concentrators), the tunnel is created, Phase I & part of Phase II completes but errors out due to failure in finding appropriate networks for the tunnel. This shows me that we have our pre-shared keys and our negotiation parameters correct. What am I doing wrong?

-Nick

2 Replies

beth-martin
Level 5

I looked but couldn’t find much help on Nortel’s site. I think it’s going to take a conference call with Cisco, Nortel, your client’s admin and yourself to figure it out. Come back and let us know what you found. I’m curious what they will have to say.

Fixed ..... very simple.

We had our config looked at by two of the Cisco TAC engineers and they were somewhat baffled. All seemed to be set up properly.

The case escalated to an Engineer in North Carolina. (Very smart man indeed!!)

He figured out the problem in 10 minutes flat.

Problem: A redundant static route statement.

Apparently, the VPN concentrator knows where to send packets destined for the remote peer. I forced all packets destined to the remote network via a static route statement on the concentrator. This is what prevented me from establishing a tunnel to our client.

Thanks for all your help folks!

-Nick