Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix to Sonic wall

Hi;

I confirured a tunnel between a cisco pix with ios 6.3 and a Sonicwall that has the lastest ios installed, which is working fine.

The problem I'm having is that when I try to add a dynamic vpn configuration to the pix it seems to drop the tunnel afterwards.

The dynamic client configuration between the pix to pix works fine.

If anyone can shed some light on this that would be great. Thanks in advance.

Ollie

2 REPLIES

Re: Pix to Sonic wall

Ollie,

Can you post your pix config, and are you using standard os or enhanced os on the Sonicwall?

I have extensive experince with Sonicwalls and PIX's so I should be able to help you here.

Patrick

New Member

Re: Pix to Sonic wall

Hi;

Thanks for replying, on the Sonic wall we are using the enhanced version.

Below is the main areas of the config on the pix:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list 101 permit ip 10.1.8.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list remotesite1 permit ip 10.1.8.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list nat permit ip 10.1.8.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list nat permit ip 10.1.8.0 255.255.255.0 172.16.1.0 255.255.255.0

ip local pool poolA 192.168.100.1-192.168.100.255

mtu outside 1500

mtu inside 1500

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 bb.bb.bb.bb

sysopt connection permit-ipsec

sysopt noproxyarp inside

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto dynamic-map vpnclient 30 set transform-set ESP-DES-SHA

crypto map cisco 5 ipsec-isakmp

crypto map cisco 5 match address remotesite1

crypto map cisco 5 set peer xx.xx.xx.xx

crypto map cisco 5 set transform-set ESP-DES-SHA

crypto map cisco 20 ipsec-isakmp dynamic vpnclient

crypto map cisco client authentication LOCAL

crypto map cisco interface outside

isakmp enable outside

isakmp key xxxxx address xx.xx.xx.xx netmask 255.255.255.255

isakmp key xxxxxx address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp keepalive 10

isakmp nat-traversal 20

isakmp policy 5 authentication pre-share

isakmp policy 5 encryption des

isakmp policy 5 hash sha

isakmp policy 5 group 2

isakmp policy 5 lifetime 28800

vpngroup cisco address-pool poolA

vpngroup cisco default-domain domain.com

vpngroup cisco split-tunnel 101

vpngroup cisco split-dns 10.1.8.52 10.1.5.2

vpngroup cisco idle-time 1800

vpngroup cisco password xxxxx

vpdn username admin password xxxxx

vpdn enable outside

dhcpd address 10.1.8.127-10.1.8.254 inside

dhcpd dns 10.1.8.52 10.1.8.2

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain domain.com

dhcpd enable inside

username test1 password privilege 15

Thanks

104
Views
0
Helpful
2
Replies
CreatePlease to create content