Re: problem with vpn cisco-nortel

fbatista · ‎06-25-2002

Im trying to gain a client from the competition. My new client has an international connection. He wishes to have a vpn conection with his international site. Im trying to sell a cisco router to my client for lan routing. He will buy me the router if i can configure it to stablish a vpn connection with the nortel contivity box placed in the international site. I tryied to convince him to by a pix for the international site instead of the nortel box but he already bought the contivity box and doesnt want to loose is investment.

I've done plenty research in both cisco and nortels site to figure out how to make this work and my last step was to get advice from cisco security specialist and the recomendation was to place a conversation here.

Need help to close this deal. Anybody has a clue?

Thank you all in advance,

FBatista.

paqiu · ‎06-25-2002

Cisco have router , PIX and VPN 3000 box can build up IPSEC VPN tunnels.

All those boxes use IETF standard IPSEC configurations.

I have some cases helping our cusomers building up VPN tunnel from Cisco boxes to Checkpoint, Nortel boxes even Windows 2000 server, they are all working fine.

As far as both boxes ISAKMP and IPSEC policy matching each other, the VPN tunnel will be built up successfully.

Normally if we turn on the debug in our box, we can find a clue which policy is not matching and we will match it in both peers.

fbatista · ‎06-25-2002

I need info regarding the specific case of nortel contivity and cisco. I know the standar cisco uses are IETF, my concern is in propietary specifications out of the ipsec features. Can this two equipment comunicate at all so i can star configuring ipsec?

Forgive me if i sound negative, im just being very carefull because this could be the beginning of a good client-customer relationship or a very bad experience if i offer something i cant provide.

If you have any specific notes about this contivity-cisco comunication plz let me know.

Thanks for your replay.

FBatista.

paqiu · ‎06-26-2002

There is no CCO sample config for Cisco box to nortel routers.

I have done a search in our internal case notes. There are more than 800 cases has been closed related to our box VPN to nortel box. Quickly go through several of them, most of them has resolved the issue and build up the tunnel.

If you are using a Cisco router to a Nortel box, it will be the easiest way to implement. Because it will generate many useful debug and we can make it working from there.

If you run into a problem, please open a case with TAC, we will help you to make it working.

By the way, talk to your local System engineer from Cisco and get some opinions from them will be good as well.

Best Regards,

franzin · ‎06-27-2002

Cisco PIX and Cisco routers work fine with Contivity.

I'm implanting 108 points of sales with contivity and a PIX 515E at hub location.

Unfortunately we could not change Nortel Contivity at the point of sales

due to a world agreement with the enterprise and Nortel.

You need configure contivity to work with IPSEC MAIN MODE, use of

DES or 3DES depend of the contivity model and license. If you mail

me I can send a sample for contivity 100 and PIX 501 laboratory test.

stakano · ‎07-11-2002

I would be very interested in your configuration and lab results.

Please post them on in this thread.

Thanks