I help with cisco ios vpn to sonicwall tz170

Unanswered Question
Dec 8th, 2009
User Badges:

Hi


I am trying to get a site to site vpn working. I am using a cisco 877 router to a sonic firewall TZ170, the sonicwall is using 3.1.0.15 firmware.

I have control of the cisco end but am relying on a 3rd party to configure the sonicwall. I have sent all the cisco docmentation i can find that relates to this setup but he says none of them resemble the gui interface he is using. We have tried our best but the vpn will not come up.

I have attached my config and wonder if there is someone out there who can take a look and also may have done this setup before.


Regards


Colin

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ReadersUK Thu, 12/10/2009 - 07:47
User Badges:

Hi to anyone who has the same poblem as i did here is the setup i finally used to get this working

Sonic firewall was TZ170 running standard OS 3.1.0.15

Sonicwall settings

use DH Group2

Main Mode and not agresive

set sa lifetime to 86400 (this is the max cisco IOS supports)

Phase 1 set hash to sha1 and encrption to 3des

phase 2 set protocol ESP

Encryption 3des

authentication sha1

tick the keepalives box and enable "try to bring up all possible tunnells"


Settings i used on the cisco router

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2


crypto ipsec transform-set myset esp-3des esp-sha-hmac



crypto map mymap 10 ipsec-isakmp

set peer 1.1.1.1

set security-association lifetime seconds 86400

set transform-set myset



This set up worked instantly so my be worth making a note of.


hope it helps someone.


regards


colin

Actions

This Discussion