
BOT Between NVR1100 and BSR222

Status
Not open for further replies.

RevelinoSuriname

Technical User
Sep 20, 2003
SR
Hi,
I would like to create a Branch Office Tunnel between an NVR1100 and a BSR222. The NVR1100 has been discontinued but I thought it might still be available to create that BOT.
On the side of the NVR1100 I have a static public IP. The NVR1100 I would like to use as a responder. On the side of the BSR222 I have a dynamic public IP (goes through ADSL) and the BSR222 I would like to use as an initiator.

Is there a document describing this config or is there anyone that can assist me in doing this?

Thanks in advance.
 
Your setting on the BSR222 should allow for keep alives, use IKE for key management, main mode is fine, and be sure to advertise your local IP subnets as the "Local IP addresses" for each subnet you wish to advertise to the 1100. (Note- the more common term for the "NVR 1100" is a Contivity 1100..."NVR" is a newer name within the last few names for Nortel's remarketing of the Contivity line called Nortel VPN Router..the user community knows these as the 1100 for future reference)..then be sure to use the remote subnets (aka- the private subnets you wish to allow through the tunnel on the 1100 side) on the "Remote IP address" section.
Local ID= DNS
Content= this is usually the public IP addy of the 222...since this is a dynamic IP however, you will need to enter the DNS name of the device, and then be sure to have this match on the 1100 remote side.
If this is not feasible, you will need to ask for a static IP from the provider and change "LOCAL ID" here to "IP"

Peer ID type= IP
Content blank= (leave this blank)
Secure gateway Address= Public IP of the 1100
Encap mode= tunnel
For encryption, make sure ESP/AH matches, and then I recommend 3DES and MD5..I have had issues with AES on the 222. 3DES is more than fine.
**Use the same preshared key on both sides**!!
***The one key thing that can really mess you up is if you advertise DIFFERENT networks on each side...so make sure local subnets from one side are exactly the same as remote subnets on the other side..otherwise, it will fail..this is part of the negotiation!!

I hope this is helpful

-HH
 
Also make sure the PFS (Perfect Forward Secrecy) matches on both sides.
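
The matching rules from the replies above (mirrored subnets, same ESP/AH and encryption settings, same preshared key, same PFS, the 222's local ID matching on the 1100 side), written as a check to run over both sides' settings before bringing the tunnel up. This is an added example, not part of the thread or of either device's software; the `Side` fields, the `TYPE:content` ID format and all sample values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Side:
    name: str
    local_subnets: list
    remote_subnets: list
    local_id: str            # identity this side sends, e.g. "DNS:branch.example.net"
    peer_id: Optional[str]   # identity expected from the peer; None = content left blank
    encap: str = "tunnel"
    protocol: str = "ESP"
    encryption: str = "3DES"
    auth: str = "MD5"
    pfs: bool = False
    psk: str = ""

def _nets(subnets):
    # Normalise so 10.1.0.0/16 and 10.1.0.0/255.255.0.0 compare equal.
    return {ipaddress.ip_network(s) for s in subnets}

def check_pair(a, b):
    """Return the list of mismatches between the two ends of one tunnel."""
    problems = []
    for x, y in ((a, b), (b, a)):
        if _nets(x.local_subnets) != _nets(y.remote_subnets):
            diff = _nets(x.local_subnets) ^ _nets(y.remote_subnets)
            problems.append(f"{x.name} local != {y.name} remote: "
                            + ", ".join(sorted(map(str, diff))))
        if y.peer_id is not None and y.peer_id != x.local_id:
            problems.append(f"{y.name} expects ID {y.peer_id}, {x.name} sends {x.local_id}")
    for field in ("encap", "protocol", "encryption", "auth", "pfs"):
        if getattr(a, field) != getattr(b, field):
            problems.append(f"{field}: {a.name}={getattr(a, field)} {b.name}={getattr(b, field)}")
    if a.psk != b.psk:
        problems.append("preshared key differs (value not shown)")
    return problems

# Constructed sample values (private/documentation ranges, made-up DNS name and key).
bsr222 = Side("BSR222", ["192.168.10.0/24"], ["10.1.0.0/16"],
              "DNS:branch.example.net", None, pfs=True, psk="constructed-key")
c1100 = Side("1100", ["10.1.0.0/255.255.0.0"], ["192.168.10.0/24", "192.168.11.0/24"],
             "IP:203.0.113.10", "DNS:branch.example.net", pfs=False, psk="constructed-key")

if __name__ == "__main__":
    for p in check_pair(bsr222, c1100):
        print("MISMATCH:", p)
```

With the sample values it reports the extra 192.168.11.0/24 on the 1100's remote list and the PFS difference; the /16 written in two notations is treated as equal.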
 