Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
1
Replies

PIX Site-to-Site with Nortel Contivity

nmaio
Level 1
Level 1

‎03-29-2006 08:27 AM - edited ‎02-21-2020 12:48 AM

Hi I am trying to create a Site-to-Site VPN connection between a Nortel box and a Pix 525. I am able to get phase 1 up in QM-IDLE status but not able to get phase 2 working. I think there is a routing/nat problem but I am not sure. The inside network on the pix is a public address 63.xx.xx.xx and we need to nat this to another public address 65.xx.xx.xx This setup is a little different form a normal connection since the vpn peer is on the 65.xx.x.xx network and the hosts are supposed to be as well. We also had to bring in another t1 in addition to the main t1 for internet access. So this vpn connection is supposed to be off another inerface on the pix. We can not let the other site of the vpn connection know of the 63.xx.xx.xx network. Is it possible to have the peer and the host on the same network? Thanks for your help.

Just a little more info. This is what I get when I debug ipsec.

PH-PH-PIX-01(config)# IPSEC(key_engine): got a queue event...

IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

IPSEC(key_engine_delete_sas): delete all SAs shared with 205.xx.xx.xx

IPSEC(key_engine): got a queue event...

IPSEC(spi_response): getting spi 0xf3b5fbb2(4088789938) for SA

from 205.xx.xx.xx to 65.xx.xx.xx for prot 3

IPSEC(key_engine): request timer fired: count = 1,

(identity) local= 65.xx.xx.xx, remote= 205.xx.xx.xx,

local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),

remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)

IPSEC(key_engine): got a queue event...

IPSEC(spi_response): getting spi 0xf5efb422(4126127138) for SA

from 205.xx.xx.xx to 65.xx.xx.xx for prot 3

IPSEC(key_engine): request timer fired: count = 2,

(identity) local= 65.xx.xx.xx, remote= 205.xx.xx.xx,

local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),

remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)

IPSEC(key_engine): got a queue event...

IPSEC(spi_response): getting spi 0x1e70383f(510670911) for SA

from 205.xx.xx.xx to 65.xx.xx.xx for prot 3

IPSEC(key_engine): request timer fired: count = 1,

(identity) local= 65.xx.xx.xx, remote= 205.132.5.170,

local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),

remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)

IPSEC(key_engine): got a queue event...

IPSEC(spi_response): getting spi 0x331f908b(857706635) for SA

from 205.xx.xx.xx to 65.xx.xx.xx for prot 3

IPSEC(key_engine): request timer fired: count = 2,

(identity) local= 65.xx.xx.xx, remote= 205.xx.xx.xx,

local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),

remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)

IPSEC(key_engine): got a queue event...

IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

IPSEC(key_engine_delete_sas): delete all SAs shared with 205.xx.xx.xx

0 Helpful
1 Reply 1

nmaio
Level 1
Level 1

‎03-30-2006 05:51 AM

Any help on this would be greatly appreciated. Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card