I should mention that others on this list got such a
VPN to work (CP <-> Nortel), but only single DES from
what I can remember.
3DES was a requirement for us -- so SOL for me... and
I got the same result you described (we had to
initiate the VPN to bring it up) in any case. That
alone was unacceptable.
Though Phase 1 and 2 would log successful when we used
single DES. False hope :)
I'll be waiting for that Contivity release in 6/01 :)
Do you have your firewall and their Nortel box IPs in
the encryption domains? Just a thought.
I am currently NATing a Nortel box behind our firewall
for this VPN, at 3DES, using Static NAT. If you need
to do that and need assistance, just drop me an email.
HTH -- Chris
--- [EMAIL PROTECTED] wrote:
> Hi
>
> Thanks - it's good to know it's not just a freaky
> problem of my own ;-)
>
> FYI...we have run up the white flag for now and are
> buying a Contivity for
> this end - I am still hoping to get FW1->Nortel
> working in the long term
> otherwise we will need to buy a Nortel for each site
> to sit alongside our
> Checkpoint kit :(
>
> Tim Higgins
>
> Chris F <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 05/02/01 15:01
>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> cc:
> Subject: Re: [FW1] Nortel Contivity VPN
>
> Hi Tim/All --
>
> I had the same problem with my FW 4.1 SP2 and
> Nortel.
>
> I, CP side, had to bring up the VPN before it
> worked.
> However, I couldn't encrypt with them -- but they
> could encrypt/decrypt with me.
>
> I rebuilt my FW completely last Tuesday (Solaris 2.6,
> FW4.1 SP0 --> SP3).
>
> One of my goals was to try and get the VPN working
> again. Thanks to your post, now I know not to waste
> my time.
>
> We have a Nortel box for the VPN currently in place
> :(
>
> Thanks -- Chris
>
>
> --- [EMAIL PROTECTED] wrote:
> > Hi
> >
> > Trying to set up VPN from CP FW1 4.0 SP4 to Nortel
> > Contivity.
> >
> > No success trying to follow the steps for FW1 4.1.
> >
> > (Furthest I got was getting acknowledgement that IKE
> > Phase 1 completed but
> > failed on Phase 2 - invalid protocol).
> >
> > Now I have more depressing information:-
> >
> > "...according to Nortel, VPN connectivity with a
> > Checkpoint unit must be initiated from the Checkpoint
> > side. Nortel admits that this is because the Contivity
> > OS is not IPSEC compliant. This will be fixed in the
> > next release, 3.6, due 6/01. I suspect that this means
> > you will have to set up with a Contivity of your own
> > at your side..."
> >
> >
> > Before I surrender and get a Contivity (god knows
> > where it will 'sit' -
> > behind FW-1 ?) - any ideas ?
> >
> >
> > Cheers
> >
> >
> > Tim Higgins
> >
> > #**********************************************************************
> > This message is intended solely for the use of the individual
> > or organisation to whom it is addressed. It may contain
> > privileged or confidential information. If you have received
> > this message in error, please notify the originator immediately.
> > If you are not the intended recipient, you should not use,
> > copy, alter, or disclose the contents of this message. All
> > information or opinions expressed in this message and/or
> > any attachments are those of the author and are not
> > necessarily those of Hughes Network Systems Limited,
> > including its European subsidiaries and affiliates. Hughes
> > Network Systems Limited, including its European
> > subsidiaries and affiliates accepts no responsibility for loss
> > or damage arising from its use, including damage from virus.
> > #**********************************************************************
> >
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================