A client of ours wants to use a site-to-site VPN from their Nortel 4600 to our PIX 520 (6.3/3.0). They want to connect to a server in our DMZ but they have no route to the internet. Ergo, they have to establish a tunnel and we have to set up a translation so that the server they need access to appears to be on their network.
Now, I figured this would be really easy. He ran his site-to-site wizard and I ran mine; we standardized on esp-3des-md5 and traded our shared secret. However, he could not connect (and I have no idea how to tell the Cisco to establish the tunnel). The Nortel uses PFS by default; I turned that on. Still no dice. We switched to SHA from MD5, still no dice. His box was telling him that it couldn't even establish the tunnel between the peers.
Obviously we have to be able to establish the tunnel before we try testing the translation. Any tips?