Cisco and Nortel
Mark Suhre
msuhre at nortelnetworks.com
Wed Jul 14 11:12:51 EDT 1999
Guy,
I came across this info in one of our email lists so I can't give you much
other info. This was the lab config to get this to work. The IP addresses
below are obviously just for demo purposes.
The Cisco private is 9.1.10.2. The public interface is 8.1.10.2. There is
a system behind
the Cisco at 9.1.10.51.
The Contivity Extranet Switch (CES) private interface is 10.18.0.1. The
public interface is 8.1.10.42.
There is a system behind the CES at 10.18.0.45. (The management
address is 10.18.0.42, but that isn't needed).
The CES and Cisco are connected to the same 100 MB hub.
Here is the config info from our Cisco:
Cisco2514# show config
Using 1088 out of 32762 bytes
version 11.3
no service password-encryption
hostname Cisco2514
enable secret 5 $1$aSJB$Xz/o4I4IqCY.FT2RH372/1
enable password password
!
crypto isakmp policy 1
hash md5
authentication pre-share
lifetime 3000
crypto isakmp key test address 8.1.10.42
!
crypto ipsec transform-set esp1 esp-des esp-md5-hmac
!
crypto map bay 11 ipsec-isakmp
set peer 8.1.10.42
set session-key lifetime seconds 3000
set transform-set esp1
match address 132
!
!
interface Ethernet0
ip address 9.1.10.2 255.255.255.0
no mop enabled
!
interface Ethernet1
ip address 8.1.10.2 255.255.255.0
no mop enabled
crypto map bay
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 10.18.0.45 255.255.255.255 8.1.10.42
access-list 132 permit ip host 9.1.10.51 host 10.18.0.45
access-list 132 permit ip host 10.18.0.45 host 9.1.10.51
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
line con 0
line aux 0
line vty 0 4
password terminal
login
end
On the Contivity Extranet Switch,
Define the network (Profiles->Networks) by adding the IP address for the
new subnet (10.18.0.45 for this example) with the appropriate subnet mask
(255.255.255.255 for this example - we use a host mask since we only have
one node on the network).
Create the branch definition with the appropriate encryption levels
(initially, enable everything and once the branch has been established
successfully,
you can back things out)
Finally, disable Perfect Forward Secrecy from the Tunnels->IPsec page for
V2.11 or
by editing the group that contains the branch with V2.5, and disable
VENDOR_ID.
Regards,
Mark Suhre
Systems Engineer
Baltimore, Maryland
410-986-2526
msuhre at nortelnetworks.com
-----Original Message-----
From: owner-vpn at listserv.secnetgroup.com
[mailto:owner-vpn at listserv.secnetgroup.com]On Behalf Of
guy.raymakers at europe.eds.com
Sent: Friday, July 09, 1999 3:42 AM
To: vpn at listserv.secnetgroup.com
Subject: Cisco and Nortel
Hi,
Does anyone ever tried to run IPsec between a Cisco (IOS 12.0) router and a
Nortel CES 2000 ?
If case you did, would it be possible to share some information about how to
configure this ?
Many Thanks,
Guy Raymakers
EDS
****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
****************************************************************
****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
We are currently experiencing "unsubscribe" difficulties. If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
****************************************************************
More information about the VPN
mailing list