
PIX 501 and Nortel Contivity 1700

I am trying to establish a branch office VPN connection between a PIX 501 and a Nortel 1700 using IPSEC. The 501 shows that the tunnel is up while the Contivity says it fails. The failure in the Contivity log is Invalid ID information in ISAKMP negotiation. I have the rekey timeouts set to 72000 secs. so I don't think that is it. Is there anything anyone is aware of that I need to set up to get these two boxes to work? Anyone aware of a sample config for establishing a connection between a PIX and a Contivity switch?

Thanks,

Todd


Re: PIX 501 and Nortel Contivity 1700

The default lifetimes on the PIX are as follows:

ISAKMP (IKE) = 86400 seconds

IPSec (SA) = 28800 seconds

At each rekey interval, the specific key for that function of the tunnel will be rekeyed. You need to make sure that the ISAKMP setting (including lifetime) and the ISAKMP keys match exactly between the 2 devices. Also, you can use the following debugs to watch the connection build/fail, which will give you a better idea on what account it is failing:

debug crypto ipsec

debug crypto isakmp

debug crypto engine
