Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Set up tunnel from 1100 to 221

Status
Not open for further replies.
huffditty

huffditty

Programmer
Joined
Dec 26, 2006
Messages
55
Location
US
Here is my situation, I have a contivity 1100 and a 221. I need to build a vpn tunnel from scratch for IP phones to work off the 221 side of the routers. I have no idea how to implement this it is my first tunnel I will be setting up. Can someone please give me some good directions on how to do this. Oh yes it is a BCM 400 phone system. Thanks much in advance.
 
Sort by date Sort by votes
Still cant get it to work!!!! I have tried everything, I have the 1050 as the responder, I can see it in the logs that it tries to negotiate the connection. Can you force the 221 to connect? I have enabled all the encryption on the responder 1050, but it still wont connect.

Anti-replay is enabled on the 1050, is that the same as enable replay detection, on the 221?

Here are my settings on the 221

active:checked
Keep alive:checked
key management:IKE
Negotiation mode:aggressive
Local ID type:email
content:email address
My IP address:0.0.0.0
Peer type ID:IP
content: this box is empty
secure gateway address:this is my remote public IP of the 1050
encapsulation mode:Tunnel
esp:unchecked
AH:checked
encryption algorithm:DES
authentication Algorithm:MD5 (on the AH side)
authentication Algorithm:MD5 (on the ESP side)
pre-shared key:XXXX
pre shared confirm:XXXX

I have my ip policy configured
Local IP address 192.168.2.0-192.168.2.30
Remote IP Address 192.168.255.50-192.168.255.254
Private IP is :N/A

Advanced section
enable replay detection:yes
ph1
negotiation mode:aggressive
pre:xxxx
confirm pre:xxxx
encryption algorithm:DES
Authentication algorithm:MD5
SA Life time:28800
Key group:DH1

Ph2
Active protocol:AH
encryption algorithm:DES
Authentication Algorithm:MD5
SA Life timer:28800
encapsulation:tunnel
perfect forward secrecy(PFS):NONE

Thanks for any help, thinking about using another 1050, or a linksys (if I have to)




 
Upvote 0 Downvote
If compression is enabled on the 1100, that can cause issues with a 221 connecting.

Also make sure the local/remote networks match exactly on both sides of the tunnel. I'm not sure how you're subnetted, but if both sides are class C networks you could specify a subnet address of 192.168.2.0/24 as local to the 221, 192.168.255.0/24 as remote to the 221, and flip them on the 1100. I've always used DNS as the local ID type, call it remote1 or something like that on the 221, and make sure you have remote1 as the initator ID on the 1100.
 
Upvote 0 Downvote
Help, I am just trying to set up Internet connection though 1100 to dsl actiontec gt701, what the heck do I need to do. I threw out the 221 for now!!!


Thanks in advance
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tdhaslett
  • Locked
  • Question Question
Hotline setup to four cell phones
Replies
1
Views
815
tdhaslett
tdhaslett
H
  • Locked
  • Question Question
Save Merge: Failed to save the Configuration Data
Replies
1
Views
454
Firebird Scrambler
Firebird Scrambler
Michel$
  • Locked
  • Question Question
hi guys, After upgrading System Manager Communication Manager and Session Manager versions 8.1 to 10.2 SIP device phones display the error message "n
Replies
0
Views
784
Michel$
Michel$
AShammah
  • Locked
  • Question Question
Nortel/Spectralink 2211/2210 lasted firmware
Replies
0
Views
678
AShammah
AShammah
tdhaslett
  • Locked
  • Question Question
Mysterious calls to my cell phone
Replies
5
Views
912
tdhaslett
tdhaslett

Part and Inventory Search

Sponsor

Back
Top