Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-24-2011 01:11 AM
Hi All,
I have nortel vpn router 1750 in our main site and PA-500 in the branch, I need ipsec tunnel between devices. Nortel has static IP, but PA dynamic. I found that Nortel has site-to-site, initiator and responder options. which option I have to use site-to site or responder? can PA become Initiator in this case?
Thank you.
10-24-2011 02:59 AM
As you have a Dynamic IP on one of the boxes I suggest you setup aggressive-mode VPN. As the PAN is using a dynamic IP it's best if the PAN inititates the tunnel.
07-20-2013 03:38 PM
Hi,
The dynamic ip is always the initiator in a site to site vpn where one of the peers is dynamic. There is no way to static peer can be the initiator.
Reason being the static has no idea about its peer's ip address if it wants to act as an initiator.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
