HungryHouse
Vendor
Anyone have experience with the Contivity 221 with NAT?
Nortel does branch office tunnels slightly differently with these 221s apparently.
Here is scenario
221#1(bcm50e)-----Nat Rtr1---Internet---Nat rtr2---221#2
We are having a heck of a time trying to get even Phase I IKE Ipsec up and running all. Negotiation is failing.
The units are reachable.
In our test scenario, Nat rt1 is a Cisco 830 and Nat rtr2 is a Cisco PIX with port500 and ESP open. We've even tried opening all ports and no changes in negotiation.
Local and remote network match.
Parameters of tunnel are esp w/3DES MD5. IKE, tunnel mode.
The Nat routers are Nating the public addy on each side...and I have tried Nat traversal.
I know the VPN tunnel can be established without the NAT rtrs because I had it up when in lab#1 using standard routing and advertising the real addy. Now, in lab#2, am using Internet IPs but no success.
Any help is appreciated...
Nortel does branch office tunnels slightly differently with these 221s apparently.
Here is scenario
221#1(bcm50e)-----Nat Rtr1---Internet---Nat rtr2---221#2
We are having a heck of a time trying to get even Phase I IKE Ipsec up and running all. Negotiation is failing.
The units are reachable.
In our test scenario, Nat rt1 is a Cisco 830 and Nat rtr2 is a Cisco PIX with port500 and ESP open. We've even tried opening all ports and no changes in negotiation.
Local and remote network match.
Parameters of tunnel are esp w/3DES MD5. IKE, tunnel mode.
The Nat routers are Nating the public addy on each side...and I have tried Nat traversal.
I know the VPN tunnel can be established without the NAT rtrs because I had it up when in lab#1 using standard routing and advertising the real addy. Now, in lab#2, am using Internet IPs but no success.
Any help is appreciated...
