Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BOT Between NVR1100 and BSR222

Status
Not open for further replies.
RevelinoSuriname

RevelinoSuriname

Technical User
Sep 20, 2003
31
SR
Hi,
I would like to create a Branch Office Tunnel between a NVR1100 and a BSR222. The NVR1100 has been discontinued but I thought it might still be available to create that BOT.
On the side of the NVR1100 I have a Static public ip. The NVR1100 I would like to use as a responder. On the side of the BSr222 I have a dynamic public IP (goes though ADSL) and the BSR222 I would like to use as an initiator.

Is there a document describing this config or is there anyone that can assist me in doing this?

Thanks in advance.
 
Sort by date Sort by votes
Your setting on the BSR222 should allow for keep alives, use IKE for key management, main mode is fine, and be sure to advertise your local IP subnets as the "Local IP addresses" for each subnet you wish to advertise to the 1100. (Note- the more common term for the "NVR 1100" is a Contivity 1100..."NVR" is a newere name within the last few names for Nortel's remarketing of the COntivity line called Nortel VPN Router..the user community knows these as the 1100 for future reference)..then be sure to use the remote subnets (aka- the private subnets you wish to allow through the tunnel on the 1100 side) on the "Remote IP address" section.
Local ID= DNS
Content= this is usually the public IP addy of the 222...since this is a dynamic IP however, you will need to enter the DNS name of the device, and then be sure to have this match on the 1100 remote side.
If this is not feasible, you will need to ask for a static IP from the provider and change "LOCAL ID" here to "IP"

Peer ID type= IP
Content blank= (leave this blank)
Secure gateway Address= Public IP of the 1100
Encap mode= tunnel
For encryption, make sure ESP/AH matches, and then I recommend 3DES and MD5..I have had issues with AES on the 222. 3DES is more than fine.
**Use the same preshared key on both sides**!!
***The one key thing that can really mess you up is if you advertise DIFFERENT networks on each side...so make sure local subnets from one side is exactly the same as remote subnets on the other side..otherwise, it will fail..this is part of the negotiation!!

I hope this is helpful

-HH
 
Upvote 0 Downvote
Also make sure the PFS (Perfect Forward Secrecy) matches on both sides.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

UnderTheBusAsUsual
  • Question
Avaya IPO with OneCom and Gamma SIP trunks
Replies
1
Views
303
Firebird Scrambler
Firebird Scrambler
Michel$
  • Question
hi guys, After upgrading System Manager Communication Manager and Session Manager versions 8.1 to 10.2 SIP device phones display the error message "n
Replies
0
Views
237
Michel$
Michel$
nortavaya
  • Locked
  • Question
Stack between ERS-3524 and 3549, is it supported ?
Replies
2
Views
100
nortavaya
nortavaya
miky2019
  • Locked
  • Question
Equinox client request extension and password while using auto configuration
Replies
0
Views
73
miky2019
miky2019
b4btec
  • Locked
  • Question
Setting up a MLT trunk between a stack and an edge swtich
Replies
1
Views
74
andy88
andy88

Part and Inventory Search

Sponsor

Back
Top