I went through this same pain. I ended up just paralleling my VPN box to the
firewall. Worked like a charm.
-----Original Message-----
From: Chris F [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 05, 2001 10:02 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] Nortel Contivity VPN
Hi Tim/All --
I had the same problem with my FW 4.1 SP2 and Nortel.
I, CP side, that to bring up the VPN before it worked.
However, I couldn't encrypt with them -- but they
could encrypt/decrypt with me.
I rebuilt my FW completely last Tuesday (Solaris 2.6,
FW4.1 SP0 --> SP3).
One of my goals were to try and get the VPN working
again. Thanks to your post, now I know not to waste my
time.
We have a Nortel box for the VPN currently in place :(
Thanks -- Chris
--- [EMAIL PROTECTED] wrote:
> Hi
>
> Trying to setup VPN from CP FW1 4.0 SP4 to Nortel
> Contivity.
>
> No success trying to follow the steps for FW1 4.1.
>
> (Furthest I got was getting acknowledgement that IKE
> Phase 1 completed but
> failed on Phase 2 - invalid protocol).
>
> Now I have more depressing information:-
>
> "...according to Nortel, VPN connectivity with a
> Checkpoint unit must be
> initiated from the Checkpoint side. Nortel admits
> that this is because
> the Contivity OS is not IPSEC compliant. This will
> be fixed in the next
> release, 3.6, due 6/01. I suspect that this means
> you will have to set up
> with a Contivity of your own at your side..."
>
>
> Before I surrender and get a Contivity (god knows
> where it will 'sit' -
> behind FW-1 ?) - any ideas ?
>
>
> Cheers
>
>
> Tim Higgins
>
>
#**********************************************************************
> This message is intended solely for the use of the
> individual
> or organisation to whom it is addressed. It may
> contain
> privileged or confidential information. If you have
> received
> this message in error, please notify the originator
> immediately.
> If you are not the intended recipient, you should
> not use,
> copy, alter, or disclose the contents of this
> message. All
> information or opinions expressed in this message
> and/or
> any attachments are those of the author and are not
> necessarily those of Hughes Network Systems Limited,
> including its European subsidiaries and affiliates.
> Hughes
> Network Systems Limited, including its European
> subsidiaries and affiliates accepts no
> responsibility for loss
> or damage arising from its use, including damage
> from virus.
>
#**********************************************************************
>
__________________________________________________
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
