connecting a Nortel Contivity VPN device to a Cisco PIX Firewall in IPSEC tunnel mode

Discussion in 'Cisco' started by Ken Gallagher, Aug 3, 2006.

  1. Good day, all.

    I'm stuck on a weird problem here. I was requested to develop a method
    whereby a Contivity 221 running in an Initiator Responder mode (where
    it uses an Initiator ID, as well as an IPSEC passkey) has to connect to
    a Cisco PIX firewall (running OS version 7.0 or higher). The idea is
    to have the Contivity devices terminate their VPN sessions on the PIX
    firewall, instead of to the current Contivity 600

    Does anyone know if this is possible, and if so, what I'd need in order
    to make it work (e.g. if I have an initiator ID of Contivity221 and a
    passkey of abcd1234, what would the equivalent commands be on the Cisco
    PIX firewall)?

    Thanks!
    Ken Gallagher, Aug 3, 2006
    #1
    1. Advertising

  2. In article <>,
    Ken Gallagher <> wrote:
    >I was requested to develop a method
    >whereby a Contivity 221 running in an Initiator Responder mode (where
    >it uses an Initiator ID, as well as an IPSEC passkey) has to connect to
    >a Cisco PIX firewall (running OS version 7.0 or higher). The idea is
    >to have the Contivity devices terminate their VPN sessions on the PIX
    >firewall, instead of to the current Contivity 600


    I looked into this briefly the other day, when I read your question,
    but I was unable to find much information about Initiator Responder mode
    in order to see if I could figure out the Cisco equivilent.


    >Does anyone know if this is possible, and if so, what I'd need in order
    >to make it work (e.g. if I have an initiator ID of Contivity221 and a
    >passkey of abcd1234, what would the equivalent commands be on the Cisco
    >PIX firewall)?


    I did find that Contivity terminology also refers to this mode has
    having a tunnel name, but that doesn't correspond to anything I'm
    familiar with from IPSec.

    The ID and passkey you give -look- like what PIX 5 / PIX 6 called
    "vpngroup password". In PIX 7, it looks to me that the equivilent to
    that would be to configure

    tunnel-group NAME type ipsec-ra
    tunnel-group NAME ipsec-attributes pre-shared-key PASSWORD

    However, I cannot tell whether this is the same thing as Initiator Responder
    mode.
    Walter Roberson, Aug 6, 2006
    #2
    1. Advertising

  3. Thanks very much.

    I'll give this a shot (the client is going to be running a newer model PIX
    firewall, so he'll be running firewall OS 7.0, I believe)

    I appreciate your help!
    "Walter Roberson" <> wrote in message
    news:51pBg.325714$Mn5.76204@pd7tw3no...
    > In article <>,
    > Ken Gallagher <> wrote:
    >>I was requested to develop a method
    >>whereby a Contivity 221 running in an Initiator Responder mode (where
    >>it uses an Initiator ID, as well as an IPSEC passkey) has to connect to
    >>a Cisco PIX firewall (running OS version 7.0 or higher). The idea is
    >>to have the Contivity devices terminate their VPN sessions on the PIX
    >>firewall, instead of to the current Contivity 600

    >
    > I looked into this briefly the other day, when I read your question,
    > but I was unable to find much information about Initiator Responder mode
    > in order to see if I could figure out the Cisco equivilent.
    >
    >
    >>Does anyone know if this is possible, and if so, what I'd need in order
    >>to make it work (e.g. if I have an initiator ID of Contivity221 and a
    >>passkey of abcd1234, what would the equivalent commands be on the Cisco
    >>PIX firewall)?

    >
    > I did find that Contivity terminology also refers to this mode has
    > having a tunnel name, but that doesn't correspond to anything I'm
    > familiar with from IPSec.
    >
    > The ID and passkey you give -look- like what PIX 5 / PIX 6 called
    > "vpngroup password". In PIX 7, it looks to me that the equivilent to
    > that would be to configure
    >
    > tunnel-group NAME type ipsec-ra
    > tunnel-group NAME ipsec-attributes pre-shared-key PASSWORD
    >
    > However, I cannot tell whether this is the same thing as Initiator
    > Responder
    > mode.
    ken gallagher, Aug 7, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rik Bain

    pix-nortel contivity ipsec failing

    Rik Bain, Nov 2, 2003, in forum: Cisco
    Replies:
    1
    Views:
    2,722
    Bill F
    Nov 2, 2003
  2. Michael Ryan
    Replies:
    5
    Views:
    3,277
    Michael Ryan
    Jan 27, 2004
  3. mw
    Replies:
    2
    Views:
    3,267
  4. Replies:
    3
    Views:
    27,196
  5. Ken  Gallagher
    Replies:
    1
    Views:
    784
    Ken Gallagher
    Nov 14, 2006
Loading...

Share This Page