vpn between nortel and PA-500

Reply
Highlighted
Not applicable

vpn between nortel and PA-500

Hi All,

I have nortel vpn router 1750 in our main site and PA-500 in the branch, I need ipsec tunnel between devices. Nortel has static IP, but PA dynamic. I found that Nortel has site-to-site, initiator and responder options. which option I have to use site-to site or responder? can PA become Initiator in this case?

Thank you.

Tags (2)
Highlighted
L3 Networker

Re: vpn between nortel and PA-500

As you have a Dynamic IP on one of the boxes I suggest you setup aggressive-mode VPN. As the PAN is using a dynamic IP it's best if the PAN inititates the tunnel.

Highlighted
L3 Networker

Re: vpn between nortel and PA-500

Hi,

The dynamic ip is always the initiator in a site to site vpn where one of the peers is dynamic. There is no way to static peer can be the initiator.

Reason being the static has no idea about its peer's ip address if it wants to act as an initiator.

Regards

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!