[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Nortel Contivity VPN
I should mention that others on this list got such a VPN to work (CP <-> Nortel), but only single DES from what I can remember. 3DES was a requirement for us -- so SOL for me... and I got the same result you described (we had to initiate the VPN to bring it up) in any case. That alone was unacceptable. Though Phase 1 and 2 would log successful when we used single DES. False hope :) I'll be waiting for that Contivity release in 6/01 :) Do you have your firewall and their Nortel box IPs in the encryption domains? Just a thought. I am currently NATing a Nortel box behind our firewall for this VPN, at 3DES, using Static NAT. If you need to do that and need assistance, just drop me an email. HTH -- Chris --- [email protected] wrote: > Hi > > Thanks - its good to know it's not just a freaky > problem of my own ;-) > > FYI...we have run up the white flag for now and are > buying a Contivity for > this end - I am still hoping to get FW1->Nortel > working in the long term > otherwise we will need to buy a Nortel for each site > to sit alongside our > Checkpoint kit :( > > > Tim Higgins > > > > > > Chris F <[email protected]> > Sent by: > [email protected] > 05/02/01 15:01 > > > To: [email protected], > [email protected] > cc: > Subject: Re: [FW1] Nortel Contivity > VPN > > > > Hi Tim/All -- > > I had the same problem with my FW 4.1 SP2 and > Nortel. > > I, CP side, that to bring up the VPN before it > worked. > However, I couldn't encrypt with them -- but they > could encrypt/decrypt with me. > > I rebuilt my FW completely last Tuesday (Solaris > 2.6, > FW4.1 SP0 --> SP3). > > One of my goals were to try and get the VPN working > again. Thanks to your post, now I know not to waste > my > time. > > We have a Nortel box for the VPN currently in place > :( > > Thanks -- Chris > > > --- [email protected] wrote: > > Hi > > > > Trying to setup VPN from CP FW1 4.0 SP4 to Nortel > > Contivity. > > > > No success trying to follow the steps for FW1 4.1. > > > > (Furthest I got was getting acknowledgement that > IKE > > Phase 1 completed but > > failed on Phase 2 - invalid protocol). > > > > Now I have more depressing information:- > > > > "...according to Nortel, VPN connectivity with a > > Checkpoint unit must be > > initiated from the Checkpoint side. Nortel admits > > that this is because > > the Contivity OS is not IPSEC compliant. This > will > > be fixed in the next > > release, 3.6, due 6/01. I suspect that this means > > you will have to set up > > with a Contivity of your own at your side..." > > > > > > Before I surrender and get a Contivity (god knows > > where it will 'sit' - > > behind FW-1 ?) - any ideas ? > > > > > > Cheers > > > > > > Tim Higgins > > > > > #********************************************************************** > > This message is intended solely for the use of the > > individual > > or organisation to whom it is addressed. It may > > contain > > privileged or confidential information. If you > have > > received > > this message in error, please notify the > originator > > immediately. > > If you are not the intended recipient, you should > > not use, > > copy, alter, or disclose the contents of this > > message. All > > information or opinions expressed in this message > > and/or > > any attachments are those of the author and are > not > > necessarily those of Hughes Network Systems > Limited, > > including its European subsidiaries and > affiliates. > > Hughes > > Network Systems Limited, including its European > > subsidiaries and affiliates accepts no > > responsibility for loss > > or damage arising from its use, including damage > > from virus. > > > #********************************************************************** > > > > > __________________________________________________ > Get personalized email addresses from Yahoo! Mail - > only $35 > a year! http://personal.mail.yahoo.com/ > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ > > > > > #********************************************************************** > This message is intended solely for the use of the > individual > or organisation to whom it is addressed. It may > contain > privileged or confidential information. If you have > received > this message in error, please notify the originator > immediately. > If you are not the intended recipient, you should > not use, > copy, alter, or disclose the contents of this > message. All > information or opinions expressed in this message > and/or > any attachments are those of the author and are not > necessarily those of Hughes Network Systems Limited, > including its European subsidiaries and affiliates. > Hughes > Network Systems Limited, including its European > subsidiaries and affiliates accepts no > responsibility for loss > or damage arising from its use, including damage > from virus. > #********************************************************************** > __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|