From: bfuller <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1]
Date: Wed, 1 May 2002 16:06:41 -0400
MessageI had problems getting it to work, and after many talks with
Checkpoint and Nortel, I have not yet been successful. Checkpoint says it
has something to do with how IKE is handled in the Nortel boxes and that
they did not follow the standards. I don't know what the real reason is. I
was able to initiate a vpn connection from the checkpoint side, but not the
nortel side. The vpn would fail when a key negotiation was taking place if
the Nortel initiated the vpn tunnel.
I have been able to create vpn tunnels with other products to the
Checkpoint
firewall, such as cisco without any trouble.
I had tried on two occasions for different customers with no luck. If you
get it to work, let us all know how you managed it.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Roland
Pintal
Sent: Wednesday, May 01, 2002 2:17 PM
To: [email protected]
Subject: Re: [FW-1]
Solution
How to Configure an IKE VPN with Nortel Contivity VPN Server
Solution ID: 55.0.947
Creation Date: 03/10/2000
Revised Date: 05/04/2000
I found this on the Knowledge base. There was a document you could
download. A 1.2 Meg zipped file. Just call them and ask for it or
something.
-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Wednesday, May 01, 2002 2:01 PM
To: [email protected]
Subject: Re: [FW-1]
Heh. Good point :)
-----Original Message-----
From: Jim Parker [mailto:[email protected]]
Sent: Wednesday, May 01, 2002 10:29 AM
To: [email protected]
Subject: Re: [FW-1]
Unfortunately, there is no such thing as a "quick call" to
checkpoint
:)
----- Original Message -----
From: Russell Washington
To: [email protected]
Sent: Wednesday, May 01, 2002 5:20 PM
Subject: Re: [FW-1]
I have yet to hear of an IPSec-based VPN that gives a hoot whose
product is on each end. Granted, vendor quirkiness can make getting these
things to talk a bit tricky, but that makes it sometimes 'a pain,' not
'impossible.'
And if we are talking FW-1 to FW-1 here... ok, I'll admit, I
haven't
touched a Nortel yet, saying that that fundamentally 'won't work' sounds
like a bit of a stretch. A quick call to Checkpoint should put that to
rest.
-----Original Message-----
From: Stuart Carrison [mailto:[email protected]]
Sent: Wednesday, May 01, 2002 8:08 AM
To: [email protected]
Subject: [FW-1]
Hi there,
We're currently in the throws of implementing FW-1, however, our
web site is hosted by our MSP and we wanted to set up a permanent VPN to
them (firewall to firewall VPN).
Our MSP uses a Nortel 'hardware box' and we want to use FW-1 on
an
Intel server. Our MSP insists that FW-1 > Nortel VPNs won't work, even
though I'm under the impression that nortel firewalls use FW-1!!
Can anyone verify this? If this is the case, can anyone suggest
away of keeping our intel server and still creating a VPN with the MSP?
If this is proven TO WORK can someone send me some supporting
docs?
Cheers,
Stuart C
Screwfix Direct
intY has scanned this email for all known viruses
(www.inty.com)
-----
This message was scanned by AT&T Canada IES (Security Provisioning) for
viruses. This protection does not ensure this message is virus free,
however
every precaution possible has been taken on our part.