Branch Office Connection between Contivity 1100 and Linksys WAG54GVS

[spydummy]

Hi,
I've trying to setup a branch office between Nortel Contivity 1100 and Linksys WAG54GVS. I have absolutely no experience with line of router.
I have public IP address for the Contivity 1100 but the remote Linksys router is using dynamic public IP address.

Private Net1--Contivity--Cisco C837---Internet---Lynksys WAG54GVS --Private Net2

Has anyone has done such setup or is it possible to have such setup?

Thanks in advance.

 

[Jephph]

Let me put it this way... If you had two 1100's, this could be made to work by configuring ABOT's in Initiator/Responder mode. You would configure the one with the static IP to be the Responder and the one with Dymnamic Ip would be the Initiator.
I don't know if the Linksys can be configured to do this -- you'll need to consult its documentation.
Good luck. If you get it to work, consider posting an FAQ in this forum for the benefit of us all.

Jephph

 

[nsantin]

On the Linksys Side:
Local Secure Group: Your Subnet on the linksys
Remote Secure Group: Subnet(s) on the 1100
Remote Security Gateway: Public IP of 1100
Encryption : 3DES
Authentication: SHA
Key Management: Auto (IKE)
PFS: Enabled
Keylife 86399
PSK: Make up a key - Note the Linksys displays this a clear text.
Advanced setting:
phase 1:
Mode: Aggressive Mode
Username: Check ON and make up a name that doesn't exist on the 1100
Proposal 1: 3DES, SHA, 1024bit, 86399 life
Phase 2:
Proposal 1: 3DES, SHA, PFS: ON, 1024bit, 86399 life
Other: Anti-Replay ON

On on the 1100

Create a new Branch Office Group:

Connectivity setting:
Nailed Up: Disabled
Access Hours: Anytime
Call Admission Priority: Highest Priority
Forwarding Priority: Low Priority
Idle Timeout: 00:15:00
Forced Logoff: 00:00:00
RSVP: Disabled
RSVP: Token Bucket Depth: 3000 Bytes
RSVP: Token Bucket Rate: 28 Kbps
Branch Office Bandwidth Policy:
- Committed Rate: 56 Kbps
- Excess Rate: 128 Kbps
- Excess Action: Mark
IPsec Settings:
Encryption:
- ESP - 128-bit AES with SHA1 Integrity: Disabled
- ESP - 256-bit AES with SHA1 Integrity: Disabled
- ESP - Triple DES with SHA1 Integrity: Enabled
- ESP - Triple DES with MD5 Integrity: Enabled
IKE Encryption and Diffie-Hellman Group: Triple DES with Group 2 (1024-bit prime)
Vendor ID: Enabled
Aggressive Mode ISAKMP Initial Contact Payload: Enabled
Perfect Forward Secrecy: Enabled
Compression: Enabled
Rekey Timeout: 23:59:59
Rekey Data Count: (None)
ISAKMP Retransmission Interval: 16
ISAKMP Retransmission Max Attempts: 4
Keepalive interval: 00:01:00
Keepalive (On-Demand connections): ENABLED
Anti Replay: ENABLED
IPsec DFBit: CLEAR

Create a new Branch Office Connetion:
Type: IPSEC, Responder
Authentication: PSK
Initiator ID: "Username" from the linksys
PSK: "PSK" from the linksys
Local Networks: Match the Remote network on the Linksys
Remote Networks: Match the local network on the Linksys


That should do it.

 

[spydummy]

Hi nsantin,

thanks for your configuration. I will try it out.

 

[spydummy]

Hi nsantin,

Has tried your configuration but found out that there is some "missing" prompts that you indicate above. Are you able to advise how can I "turn" on the prompts?

Missing prompts are:
On the linksys side, there is no username field in the advance setting. Understand that this is required for initiator id for the contivity.

on the New Branch Office Group, there is no nailed up, ISAKMP Initial Contact Payload, ISAKMP Retransmission Interval, ISAKMP Retransmission Max Attempts, Keepalive interval, Keepalive (On-Demand connections) and IPsec DFBit.

Are you able to help? Thanks in advance.