I had
problems getting it to work, and after many talks with Checkpoint and Nortel, I
have not yet been successful. Checkpoint says it has something to do
with how IKE is handled in the Nortel boxes and that they did not follow
the standards. I don't know what the real reason is. I was able
to initiate a vpn connection from the checkpoint side, but not the nortel
side. The vpn would fail when a key negotiation was taking place if the
Nortel initiated the vpn tunnel.
I have
been able to create vpn tunnels with other products to the Checkpoint firewall,
such as cisco without any trouble.
I had
tried on two occasions for different customers with no luck. If you get it
to work, let us all know how you managed it.
Solution |
|
How to Configure an IKE VPN with
Nortel Contivity VPN Server |
|
Solution
ID: 55.0.947 |
Creation
Date: 03/10/2000 |
Revised
Date:
05/04/2000 | | |
I
found this on the Knowledge base. There was a document you could download. A
1.2 Meg zipped file. Just call them and ask for it or
something.
Heh. Good point :)
Unfortunately, there is no such thing as a
"quick call" to checkpoint :)
----- Original Message -----
Sent: Wednesday, May 01, 2002 5:20
PM
Subject: Re: [FW-1]
I have yet to hear of an IPSec-based VPN that gives a hoot whose
product is on each end. Granted, vendor quirkiness can make
getting these things to talk a bit tricky, but that makes it sometimes
'a pain,' not 'impossible.'
And if we are talking FW-1 to FW-1 here... ok, I'll admit, I
haven't touched a Nortel yet, saying that that fundamentally 'won't
work' sounds like a bit of a stretch. A quick call to Checkpoint
should put that to rest.
Hi there,
We're currently in the throws of
implementing FW-1, however, our web site is hosted by our MSP and we
wanted to set up a permanent VPN to them (firewall to firewall
VPN).
Our MSP uses a Nortel 'hardware box' and we
want to use FW-1 on an Intel server. Our MSP insists that FW-1 >
Nortel VPNs won't work, even though I'm under the impression that
nortel firewalls use FW-1!!
Can anyone verify this? If this is the
case, can anyone suggest away of keeping our intel server and still
creating a VPN with the MSP?
If this is proven TO WORK can someone send
me some supporting docs?
Cheers,
Stuart C Screwfix Direct
intY has scanned this email for all
known viruses (www.inty.com)
| -----
This message was scanned by AT&T Canada IES (Security Provisioning) for
viruses. This protection does not ensure this message is virus free, however
every precaution possible has been taken on our part.
|