Giorgo,
Your solution is much easier to maintain. I would put the single VPN router
behind the firewall and allow UDP port 500 (ISAKMP) and protocols 50 (ESP)
and 51 (AH) to tunnel from your IP to the remote VPN router. I have worked
with IPsec tunnels between different vendor platforms and it can be a bit
(or a lot) tricky. It is much easier to maintain if both ends are Cisco
routers. As an aside, have you considered SSH to the routers themselves? This
provides an equally secure alternative and would not require additional
hardware. To do this you need to be running 12.1.2T or some newer T version
IOS. Also beware 12.1.3 is a bit buggy, especially between Cisco and
Checkpoint; we had to upgrade to 12.1.5T9 to get good SAs.
Ken Claussen MCSE CCNA CCA
"In Theory it should work as you describe, but the difference between theory
and reality is the truth! For this we all strive"
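As an added illustration of the pass-through rule Ken recommends (UDP/500 for ISAKMP plus IP protocols 50 and 51 between two fixed peers, everything else denied), the following Python model is not code from the thread or from either vendor; the peer addresses are constructed placeholders, and the Cisco IOS access-list rendering is included only to show what the same allow-list looks like on a router. Both directions are listed explicitly so the list also works on a stateless filter, and the UDP/4500 NAT-T entry is an optional extra the thread does not discuss.

```python
from dataclasses import dataclass
from typing import List, Optional

# IANA IP protocol numbers and the ISAKMP port named in the reply.
UDP, TCP, ESP, AH = 17, 6, 50, 51
ISAKMP_PORT = 500
NAT_T_PORT = 4500  # UDP/4500 only matters when a NAT sits between the peers (NAT-T); not in the thread


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None  # only meaningful for UDP/TCP; ESP and AH have no ports


@dataclass(frozen=True)
class Rule:
    src: Optional[str]      # None means "any"
    dst: Optional[str]
    proto: Optional[int]
    dport: Optional[int]
    action: str             # "permit" or "deny"


def ipsec_rules(fw_ip: str, vpn_ip: str, allow_nat_t: bool = False) -> List[Rule]:
    """Explicit allow-list for one IPsec peering between fw_ip and vpn_ip.

    Lists both directions (for a stateless filter) and ends with an explicit deny,
    so only tunnel control and payload traffic between these two hosts gets through.
    """
    rules: List[Rule] = []
    for a, b in ((fw_ip, vpn_ip), (vpn_ip, fw_ip)):
        rules.append(Rule(a, b, UDP, ISAKMP_PORT, "permit"))   # IKE / ISAKMP key exchange
        if allow_nat_t:
            rules.append(Rule(a, b, UDP, NAT_T_PORT, "permit"))  # optional NAT traversal
        rules.append(Rule(a, b, ESP, None, "permit"))           # IP protocol 50
        rules.append(Rule(a, b, AH, None, "permit"))            # IP protocol 51
    rules.append(Rule(None, None, None, None, "deny"))          # explicit final deny
    return rules


def _matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.src is None or rule.src == pkt.src)
            and (rule.dst is None or rule.dst == pkt.dst)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins, as in an IOS access-list; unmatched traffic is denied."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


# IOS extended-ACL keywords; note IOS spells the AH protocol "ahp".
_PROTO_NAMES = {UDP: "udp", TCP: "tcp", ESP: "esp", AH: "ahp"}


def to_ios_acl(rules: List[Rule], acl_number: int = 101) -> List[str]:
    """Render the rule list as Cisco IOS extended access-list lines."""
    lines: List[str] = []
    for r in rules:
        proto = "ip" if r.proto is None else _PROTO_NAMES[r.proto]
        src = "any" if r.src is None else f"host {r.src}"
        dst = "any" if r.dst is None else f"host {r.dst}"
        port = "" if r.dport is None else f" eq {r.dport}"
        lines.append(f"access-list {acl_number} {r.action} {proto} {src} {dst}{port}")
    return lines


if __name__ == "__main__":
    # Constructed placeholder addresses: the firewall's outside leg and the VPN router.
    rules = ipsec_rules("192.0.2.10", "198.51.100.20")
    for line in to_ios_acl(rules):
        print(line)
    # Management SSH rides inside the tunnel, so it must not be permitted on the outside.
    print(evaluate(rules, Packet("192.0.2.10", "198.51.100.20", TCP, 22)))  # deny
```

The point a practitioner should take from the model is that the firewall only needs to see IKE and the ESP/AH envelopes between two specific hosts; the management sessions (SSH, telnet, SNMP) to the DMZ routers are carried inside the tunnel and never need their own holes in the firewall.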
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of erratic whimsicality
Sent: Monday, September 10, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: IPSEC tunnel between Nokia and Cisco
Hello All,
We are going to set up a secure environment to access external routers
(located in a specific DMZ) for management purposes.
The initial idea was having a dedicated Nokia IP440 connecting to the
various routers via an IPSEC tunnel. That firewall itself is with one leg
in the management LAN, and the other leg in a firewall LAN connecting the
various DMZs.
So basically, the firewall would be the endpoint of all IPSEC tunnels to
the routers to be managed.
Being a Cisco-oriented person, I don't really like this solution as it will
be harder for me to manage the IPSEC side on the firewall, esp. when more
tunnels have to be added or removed.
This is why I thought of the following alternative, and it is for that one
that I would like your opinion.
My suggestion is to put a dedicated IPSEC VPN router between the firewall
and the routers to be managed. The firewall would then have only -one-
IPSEC tunnel towards the dedicated router, and that dedicated router would
then be the endpoint of all IPSEC tunnels to the other cisco routers to be
managed.
I hope I described the setup in an understandable way.
I would appreciate any comments on this, esp. if someone already has
experience with it.
Thanks,
...Giorgo
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls