PIX 501 and Nortel Contivity 1700

bth_dad
Level 1

I am trying to establish a branch office VPN connection between a PIX 501 and a Nortel 1700 using IPSEC. The 501 shows that the tunnel is up while the Contivity says it fails. The failure in the Contivity log is Invalid ID information in ISAKMP negotiation. I have the rekey timeouts set to 72000 secs. so I don't think that is it. Is there anything anyone is aware of that I need to set up to get these two boxes to work? Anyone aware of a sample config for establishing a connection between a PIX and a Contivity switch?

Thanks,

Todd

1 Reply

hadbou
Level 5

The default lifetimes on the PIX are as follows:

ISAKMP (IKE) = 86400 seconds

IPSec (SA) = 28800 seconds

At each rekey interval, the specific key for that function of the tunnel will be rekeyed. You need to make sure that the ISAKMP setting (including lifetime) and the ISAKMP keys match exactly between the 2 devices. Also, you can use the following debugs to watch the connection build/fail, which will give you a better idea on what account it is failing:

debug crypto ipsec

debug crypto isakmp

debug crypto engine
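
An example PIX 6.x configuration fragment showing where the settings named in the reply above are configured on the PIX side, added here and not taken from either poster. The lifetimes are set explicitly to the defaults quoted above; the addresses, ACL number, the names `toset` and `tomap`, the `<shared-secret>` placeholder and the 3DES/SHA/group 2 choices are constructed assumptions, and the Contivity has to be given the same values.

```cisco
: Constructed example: 192.168.1.0/24 is the PIX inside network,
: 192.168.2.0/24 is the network behind the peer, 203.0.113.2 is the peer.

: Traffic to protect. The peer's local/remote network definitions
: must mirror this access-list exactly.
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list 101
sysopt connection permit-ipsec

: IPSec (SA) settings. The lifetime is the PIX default quoted above.
crypto ipsec transform-set toset esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto map tomap 10 ipsec-isakmp
crypto map tomap 10 match address 101
crypto map tomap 10 set peer 203.0.113.2
crypto map tomap 10 set transform-set toset
crypto map tomap interface outside

: ISAKMP (IKE) settings. Key, authentication, encryption, hash, group
: and lifetime must all match what is configured on the other device.
isakmp enable outside
isakmp identity address
isakmp key <shared-secret> address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

`show isakmp policy` and `show crypto map` display the values the PIX is actually using, for comparison against the peer.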
