VPN between Cisco and Sonicwall TZ210

Unanswered Question
Apr 5th, 2010

I inherited a network with a Sonicwall TZ 210 recently and was informed that I needed to connect a site-to-site VPN between my TZ 210 and a Cisco firewall. The people that operate the Cisco firewall sent me the config and said I needed to:

make ACL from xx.xxx.xxx.xxx to hosts on their side

AND

NAT interesting traffic to a particular network.

I have set up the TZ210, but I don't see any references to ACLs or anything that would help me connect a VPN to a Cisco product. I have set up a number of VPNs on different firewalls, but never on a Cisco product. Does this mean I am not compatible, or can someone translate how to make an ACL on a Sonicwall TZ210?

Sonicwall doesn't seem to use the verbiage of "NATing interesting traffic". Can someone translate that into Sonicwall-speak for me?

Jon Marshall Mon, 04/05/2010 - 11:07

stevecampisi wrote:

I inherited a network with a Sonicwall TZ 210 recently and was informed that I needed to connect a site-to-site VPN between my TZ 210 and a Cisco firewall. The people that operate the Cisco firewall sent me the config and said I needed to:

make ACL from xx.xxx.xxx.xxx to hosts on their side

AND

NAT interesting traffic to a particular network.

I have set up the TZ210, but I don't see any references to ACLs or anything that would help me connect a VPN to a Cisco product. I have set up a number of VPNs on different firewalls, but never on a Cisco product. Does this mean I am not compatible, or can someone translate how to make an ACL on a Sonicwall TZ210?

Sonicwall doesn't seem to use the verbiage of "NATing interesting traffic". Can someone translate that into Sonicwall-speak for me?

Steve

1) An ACL on a Cisco firewall is used to identify the local and remote networks of a site-to-site VPN. So from your perspective it is simply

i) the client addresses in your network that will be using the VPN tunnel

ii) the destination addresses in the other company that your clients will be accessing

2) NAT interesting traffic - what this means is that the other company does not want to see your real client IP addresses. So if, for example, you were using 192.168.5.0/24 as your internal client addresses, the other company wants you to NAT them to a different network so that when they arrive at the other company they will have different IPs than their real 192.168.5.x addresses.

I'm not familiar with Sonicwalls so I can't help with that config, but hopefully that should help you work out what to do on your firewall.

Jon
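
A small model of the two points in the reply above, as an added example that is not part of the original thread: it applies a 1:1 source NAT only to traffic bound for the peer's hosts, then checks the translated packet against the tunnel's ACL. The translated subnet 10.99.5.0/24, the peer host addresses and all function names are assumptions chosen for illustration; only 192.168.5.0/24 comes from the reply.

```python
import ipaddress

# Constructed sample values (only 192.168.5.0/24 comes from the reply above).
REAL_NET = ipaddress.ip_network("192.168.5.0/24")   # real client subnet
NAT_NET = ipaddress.ip_network("10.99.5.0/24")      # assumed translated subnet
REMOTE_HOSTS = [ipaddress.ip_network("172.16.20.10/32"),
                ipaddress.ip_network("172.16.20.11/32")]  # assumed peer hosts

# The "ACL" as the peer expects it: translated source -> their hosts.
CRYPTO_ACL = [(NAT_NET, dst) for dst in REMOTE_HOSTS]


def translate_source(src, real_net=REAL_NET, nat_net=NAT_NET):
    """1:1 network NAT: keep the host bits, swap the network prefix."""
    src = ipaddress.ip_address(src)
    if real_net.prefixlen != nat_net.prefixlen:
        raise ValueError("1:1 NAT needs equal-sized networks")
    if src not in real_net:
        return src  # not a client covered by the NAT policy
    offset = int(src) - int(real_net.network_address)
    return ipaddress.ip_address(int(nat_net.network_address) + offset)


def matches_acl(src, dst, acl):
    """True when (src, dst) falls inside any source/destination pair."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in acl)


def route_packet(src, dst, acl=CRYPTO_ACL):
    """Return (source address on the wire, 'tunnel' or 'no-tunnel')."""
    dst_ip = ipaddress.ip_address(dst)
    # The NAT policy applies only when the destination is one of the peer's hosts.
    if not any(dst_ip in d for d in REMOTE_HOSTS):
        return ipaddress.ip_address(src), "no-tunnel"
    wire_src = translate_source(src)
    verdict = "tunnel" if matches_acl(wire_src, dst, acl) else "no-tunnel"
    return wire_src, verdict


if __name__ == "__main__":
    for s, d in [("192.168.5.37", "172.16.20.10"),   # client to peer host
                 ("192.168.5.37", "8.8.8.8"),        # ordinary internet traffic
                 ("192.168.7.1", "172.16.20.11")]:   # host outside the NAT policy
        print(s, "->", d, route_packet(s, d))
    # An ACL written with the real subnet never matches translated traffic.
    wrong_acl = [(REAL_NET, dst) for dst in REMOTE_HOSTS]
    print(route_packet("192.168.5.37", "172.16.20.10", wrong_acl))
```

The last call shows the usual mismatch to check for when such a tunnel will not pass traffic: the ACL has to be written against the translated addresses, because that is what the peer sees.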
