I used to work for Nortel and supported the Contivity product. The Contivity
box supports FW1 stateful inspection engine and FW1 NAT for non-tunneled
traffic. In release 2.6.x Contivity also supports interface ACLs for
non-tunneled traffic for those who cannot afford (you have to buy the
enterprise license for Contivity) or want FW1. Remember this for
non-tunneled traffic, Contivity still owns tunneled traffic.
Regards
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Brent Stackhouse
Sent: Tuesday, August 29, 2000 2:12 PM
To: [EMAIL PROTECTED]
Subject: Nortel Contivity and VPN
Hello,
I need a little help/info regarding
Nortel's Contivity Extranet Switch and
what the heck it is and is not able to
do. I would love to RTFM but I've been
given three firewall platforms to hook
up production VPNs to within two weeks
and I'm a little pressed for time.
What I do know is that there is a
Contivity firewall option and an FW-1
option. I just crashed through FW-1
training last week so I'm familiar
with that, more or less. My requirement
is to set up a site-to-site VPN using
Nortel Contivity switches on both ends,
running an IKE/IPsec tunnel that only
allows our "encryption domain" boxes to
speak with each other, in FW-1 parlance.
Pretty straightforward with PIX and FW-1
but I'm still unclear as to the
capabilities of the Nortel stuff. Any
tips, info, or pointers to doc are very
welcome. If I'm missing the obvious
(like this product sucks or I'm an idiot),
let me know. Thanks.
Brent Stackhouse
Security Analyst
2ndWave, Inc.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]