VPN site-to-site with Nortel gears ?

Status
Not open for further replies.

cisco99999

IS-IT--Management
Nov 5, 2007
71
US
Hi Guys,


I'd like to set up a site-to-site VPN between my office A (VPN gateway 3050) and office B (BSR222). Most likely office B will be the client and will need access to office A 24/7. Could someone please tell me what I need to set on the VPN gateway 3050 and the BSR 222 so I can have a site-to-site VPN? I have done this with SonicWall before, but Nortel is totally new to me.


Thanks,

Lucas
 
On the 3050 you need to create a Branch Office Tunnel profile. Your site with the 222 will have to have a static IP address.

On the 3050 it is under IPSec>BO Tunnel Profiles tab. Everything on both sides has to match - PFS, Encryption, and DH group number.

I've used my 3050 with 221 and 1050/1100 units. It will work, but I had varying issues with tunnels dropping, etc. I ended up going with a SR 1002 as a central site VPN endpoint and have experienced no issues since. In reality the 3050 (I have been told by engineers - after the boss bought the thing) was not really designed to handle Branch Office Tunnels - it is really an SSL VPN, and BOT was added to make it a one-box solution for people like me.
 
Hi there,

My site with the 222 has a static IP.

I was trying to configure BO tunnel profiles, but what IP address should I put in the 'Remote EndPoint' field?

According to the Nortel pdf files:
"The BO tunnel’s remote endpoint is the branch office’s public IP address, for example the Portal IP address (or VIP) of a VPN. The Branch Office Tunnel Profile Configuration form is displayed."

Thanks,
 
Curtismo,
We are exploring the option of moving a number of BO tunnels from a Contivity over to our 3050 deployment and would appreciate it if you could expand a bit on your "varying issues with tunnels dropping, etc." post.
 
The remote endpoint field (on the 3050) is the IP address of your 222.
 
jwbj, the problems I had were when a tunnel dropped (for example, the far-end VPN rebooted due to a power failure, or a DSL issue): the DPD (dead peer detection) would not detect that the tunnel was down, and the tunnel would reestablish but no data would pass thru, requiring going into the 3050 and performing a reset of the tunnel to get data to pass.

If you have a Contivity central site and it's working OK, I wouldn't move away from it. If you must, you might search the Nortel knowledgebase to see issues with BO tunnels you might experience. I didn't have problems with all of my tunnels, but even though the endpoint VPNs were set up the same, I had problems with others.
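
The failure described in the last reply (the tunnel re-establishes and is reported up, but no data passes) can only be seen from the data plane. As an added example, not part of any post in this thread and not Nortel code, this Python code classifies each polling interval from the gateway's reported tunnel state plus a probe to a host behind the far end. `TunnelWatchdog`, `ping_once`, `replay`, the threshold of 3 and the sample timeline are assumptions; how the tunnel state is read from the gateway is left to the caller.

```python
"""Data-plane watchdog for a site-to-site IPsec tunnel (added example)."""
import subprocess
from dataclasses import dataclass


def ping_once(host: str, timeout_s: int = 2) -> bool:
    """Send one ICMP echo to a host behind the remote gateway.
    Flags are for Linux iputils ping (assumption)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


@dataclass
class TunnelWatchdog:
    threshold: int = 3   # consecutive failed probes while the tunnel is "up"
    failures: int = 0

    def observe(self, tunnel_up: bool, probe_ok: bool) -> str:
        """Classify one polling interval.
        tunnel_up: what the gateway reports for the tunnel.
        probe_ok:  whether traffic actually crossed it (e.g. ping_once)."""
        if probe_ok:
            self.failures = 0
            return "healthy"
        if not tunnel_up:
            self.failures = 0
            return "down"          # gateway agrees the tunnel is down
        self.failures += 1
        if self.failures >= self.threshold:
            return "stale"         # reported up, no traffic: reset the tunnel
        return "degraded"


# Constructed timeline of (tunnel_up, probe_ok): the far end loses power,
# the tunnel re-establishes, but no data passes until it is reset.
SAMPLE = [(True, True), (False, False), (False, False),
          (True, False), (True, False), (True, False), (True, True)]


def replay(samples, threshold=3):
    """Run a recorded timeline through a fresh watchdog."""
    wd = TunnelWatchdog(threshold=threshold)
    return [wd.observe(up, ok) for up, ok in samples]


if __name__ == "__main__":
    print(replay(SAMPLE))
```

In live use, call `observe(tunnel_up, ping_once(host))` once per interval and alert on `"stale"`, which is the state that needed a manual tunnel reset in the post above.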
 