connecting a Nortel Contivity VPN device to a Cisco PIX Firewall in IPSEC tunnel mode

Discussion in 'Cisco' started by Ken Gallagher, Aug 3, 2006.

  1. Good day, all.

    I'm stuck on a weird problem here. I was requested to develop a method
    whereby a Contivity 221 running in an Initiator Responder mode (where
    it uses an Initiator ID, as well as an IPSEC passkey) has to connect to
    a Cisco PIX firewall (running OS version 7.0 or higher). The idea is
    to have the Contivity devices terminate their VPN sessions on the PIX
    firewall, instead of to the current Contivity 600

    Does anyone know if this is possible, and if so, what I'd need in order
    to make it work (e.g. if I have an initiator ID of Contivity221 and a
    passkey of abcd1234, what would the equivalent commands be on the Cisco
    PIX firewall)?

    Ken Gallagher, Aug 3, 2006
    1. Advertisements

  2. I looked into this briefly the other day, when I read your question,
    but I was unable to find much information about Initiator Responder mode
    in order to see if I could figure out the Cisco equivilent.

    I did find that Contivity terminology also refers to this mode has
    having a tunnel name, but that doesn't correspond to anything I'm
    familiar with from IPSec.

    The ID and passkey you give -look- like what PIX 5 / PIX 6 called
    "vpngroup password". In PIX 7, it looks to me that the equivilent to
    that would be to configure

    tunnel-group NAME type ipsec-ra
    tunnel-group NAME ipsec-attributes pre-shared-key PASSWORD

    However, I cannot tell whether this is the same thing as Initiator Responder
    Walter Roberson, Aug 6, 2006
    1. Advertisements

  3. Thanks very much.

    I'll give this a shot (the client is going to be running a newer model PIX
    firewall, so he'll be running firewall OS 7.0, I believe)

    I appreciate your help!
    ken gallagher, Aug 7, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.