02-09-2006 01:33 PM - edited 02-21-2020 12:42 AM
Hi;
I configured a tunnel between a Cisco PIX with ios 6.3 and a Sonicwall that has the latest ios installed, which is working fine.
The problem I'm having is that when I try to add a dynamic vpn configuration to the pix it seems to drop the tunnel afterwards.
The dynamic client configuration between the pix to pix works fine.
If anyone can shed some light on this that would be great. Thanks in advance.
Ollie
02-09-2006 04:32 PM
Ollie,
Can you post your pix config, and are you using standard os or enhanced os on the Sonicwall?
I have extensive experience with Sonicwalls and PIXes so I should be able to help you here.
Patrick
02-16-2006 11:03 AM
Hi;
Thanks for replying. On the Sonicwall we are using the enhanced version.
Below are the main areas of the config on the pix:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit ip 10.1.8.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list remotesite1 permit ip 10.1.8.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list nat permit ip 10.1.8.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nat permit ip 10.1.8.0 255.255.255.0 172.16.1.0 255.255.255.0
ip local pool poolA 192.168.100.1-192.168.100.255
mtu outside 1500
mtu inside 1500
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 bb.bb.bb.bb
sysopt connection permit-ipsec
sysopt noproxyarp inside
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map vpnclient 30 set transform-set ESP-DES-SHA
crypto map cisco 5 ipsec-isakmp
crypto map cisco 5 match address remotesite1
crypto map cisco 5 set peer xx.xx.xx.xx
crypto map cisco 5 set transform-set ESP-DES-SHA
crypto map cisco 20 ipsec-isakmp dynamic vpnclient
crypto map cisco client authentication LOCAL
crypto map cisco interface outside
isakmp enable outside
isakmp key xxxxx address xx.xx.xx.xx netmask 255.255.255.255
isakmp key xxxxxx address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 28800
vpngroup cisco address-pool poolA
vpngroup cisco default-domain domain.com
vpngroup cisco split-tunnel 101
vpngroup cisco split-dns 10.1.8.52 10.1.5.2
vpngroup cisco idle-time 1800
vpngroup cisco password xxxxx
vpdn username admin password xxxxx
vpdn enable outside
dhcpd address 10.1.8.127-10.1.8.254 inside
dhcpd dns 10.1.8.52 10.1.8.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain domain.com
dhcpd enable inside
username test1 password privilege 15
Thanks