Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix to Sonic wall


I confirured a tunnel between a cisco pix with ios 6.3 and a Sonicwall that has the lastest ios installed, which is working fine.

The problem I'm having is that when I try to add a dynamic vpn configuration to the pix it seems to drop the tunnel afterwards.

The dynamic client configuration between the pix to pix works fine.

If anyone can shed some light on this that would be great. Thanks in advance.



Re: Pix to Sonic wall


Can you post your pix config, and are you using standard os or enhanced os on the Sonicwall?

I have extensive experince with Sonicwalls and PIX's so I should be able to help you here.


New Member

Re: Pix to Sonic wall


Thanks for replying, on the Sonic wall we are using the enhanced version.

Below is the main areas of the config on the pix:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list 101 permit ip

access-list remotesite1 permit ip

access-list nat permit ip

access-list nat permit ip

ip local pool poolA

mtu outside 1500

mtu inside 1500

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nat

nat (inside) 1 0 0

access-group outside_access_in in interface outside

route outside

sysopt connection permit-ipsec

sysopt noproxyarp inside

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto dynamic-map vpnclient 30 set transform-set ESP-DES-SHA

crypto map cisco 5 ipsec-isakmp

crypto map cisco 5 match address remotesite1

crypto map cisco 5 set peer xx.xx.xx.xx

crypto map cisco 5 set transform-set ESP-DES-SHA

crypto map cisco 20 ipsec-isakmp dynamic vpnclient

crypto map cisco client authentication LOCAL

crypto map cisco interface outside

isakmp enable outside

isakmp key xxxxx address xx.xx.xx.xx netmask

isakmp key xxxxxx address netmask

isakmp identity address

isakmp keepalive 10

isakmp nat-traversal 20

isakmp policy 5 authentication pre-share

isakmp policy 5 encryption des

isakmp policy 5 hash sha

isakmp policy 5 group 2

isakmp policy 5 lifetime 28800

vpngroup cisco address-pool poolA

vpngroup cisco default-domain

vpngroup cisco split-tunnel 101

vpngroup cisco split-dns

vpngroup cisco idle-time 1800

vpngroup cisco password xxxxx

vpdn username admin password xxxxx

vpdn enable outside

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain

dhcpd enable inside

username test1 password privilege 15


CreatePlease to create content