12-17-2007 05:08 PM - edited 02-21-2020 03:26 PM
I am setting up a site to site VPN Cisco 3825 router to Sonic Wall Pro 4060 firewall. The VPN tunnel comes up great with no errors, but there are no encaps or decaps...just send and receive errors when each end tries to establish connectivity. Any help would be greatly appreciated.
Thanks in advance.
12-18-2007 03:41 AM
Are your crypto ACLs set up correctly on the c3825? Can't comment on the SonicWall.
Jay
12-18-2007 03:49 AM
12-18-2007 05:23 AM
12-18-2007 05:49 AM
12-18-2007 06:12 AM
Thanks for the info. So you think my side looks ok? Strange that it works in my lab Cisco to Cisco.
12-18-2007 01:03 PM
Brandon
I have not done the combination of VPN and static NAT that you are doing. From your comment am I correct in assuming that you have this set up in your lab and it is working correctly to translate and to protect with IPSec VPN?
I also wonder a little about your comment that the config that you posted is from a lab router that is very much like the production environment. It might be good to think carefully about what things are not exactly the same and whether any of these differences might be affecting things.
On the production router where it is not working are you getting hits on the ACL that identifies traffic for VPN (in the lab it is ACL 100)?
It might be helpful if you could post the output of show crypto map and the output of show crypto ipsec sa.
HTH
Rick
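Added example, not part of the thread and not any poster's code: a short Python sketch that reads `show crypto ipsec sa` output of the kind requested above and flags SAs whose encaps/decaps counters are stuck at zero. The sample text is constructed (documentation addresses, invented counters), and the hints returned by `diagnose` are a troubleshooting heuristic assumed here, not Cisco guidance.

```python
import re

# Constructed sample in the layout IOS prints for `show crypto ipsec sa`;
# addresses are documentation/private ranges and the counters are invented.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 198.51.100.2 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 14, #recv errors 0

   local  ident (addr/mask/prot/port): (10.1.3.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 198.51.100.2 port 500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 0, #recv errors 0
"""

IDENT = re.compile(r"(local|remote)\s+ident[^:]*:\s*\(([\d.]+)/([\d.]+)/")
COUNTER = re.compile(r"#(pkts encaps|pkts decaps|send errors|recv errors):?\s+(\d+)")

def parse_sas(text):
    """Return one dict per local/remote ident pair with its packet counters."""
    sas = []
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and m.group(1) == "local":        # a new SA block starts here
            sas.append({"local": f"{m.group(2)}/{m.group(3)}"})
        elif m and sas:
            sas[-1]["remote"] = f"{m.group(2)}/{m.group(3)}"
        elif sas:
            for name, value in COUNTER.findall(line):
                sas[-1][name.replace("pkts ", "").replace(" ", "_")] = int(value)
    return sas

def diagnose(sa):
    """Heuristic (assumed here): map counter patterns to where to look first."""
    enc, dec = sa.get("encaps", 0), sa.get("decaps", 0)
    if enc == 0 and dec == 0:
        return "no traffic either way: check routes, NAT and crypto ACL hits"
    if enc > 0 and dec == 0:
        return "sending only: check the peer's return route and proxy IDs"
    if enc == 0:
        return "receiving only: check the local route and crypto ACL"
    return "passing traffic in both directions"

for sa in parse_sas(SAMPLE):
    print(sa["local"], "->", sa["remote"], "|", diagnose(sa))
```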
12-18-2007 01:11 PM
Rick,
Thanks for your reply. I just found what the issue was. I had to add my static route and am now getting encaps and decaps.
12-18-2007 01:33 PM
Brandon
I am glad that you have figured out what the issue was. Frequently it is the small things (like the static route - which seems unimportant when you are addressing complex things like IPSec) that turn out to be the problem.
Congratulations on getting it working.
HTH
Rick
12-18-2007 01:45 PM
Rick,
The static NAT with IPSec/VPNs works really well. It is only available with a fairly recent IOS version. It really comes in handy when you have an internal host that is accessed over several VPNs and you are NATing on one of those VPNs and not the others.