Cisco Support Community
Community Member

SonicWalll VPN Client going through Cisco PIX Firewall

We have a school district connected to our main facility/network via T1 that is attempting to connect using the SonicWall VPN client to an outside entity through our PIX Firewall. We have opened all ports (50, 500, 4500) that the company implementing the SonicWall VPN client has requested as well as set our PIX to allow IPSEC, ESP, IKE, (fixup protocols in place) and whatever else we can find to allow this client to pass through. We have also opened up a laptop with the client on it completely in the PIX with no success.

When the SW VPN client is initiated from within the school district, it asks for authentication and attempts to connect but the connection never establishes. When we place a laptop with the client outside the PIX, the connection goes through with no problems at all. Another facility such as ours in another part of the state has the same issue with a school and hasn’t found a way to allow this to work through their PIX either. So, we know it is a PIX issue but cannot determine what we are missing.

We just want to allow the client to pass through and not set up the PIX as a VPN.

I hope I have written this clear enough. Any suggestions would be appreciated.


Lisa Smith

Community Member

Re: SonicWalll VPN Client going through Cisco PIX Firewall

The problem you are running into is not caused by the PIX and there is not a configuration parameter you can change on the PIX to fix this issue. What you are running into is a VPN technology that does not support NAT/PAT. In older VPN/IPSec implementations the IP Addresses were used as identifiers in the payload so as the packet passes through a NAT device the identifier no longer matches the source IP on the packet.

The only fix would be to update the Sonicwall software on both ends.


CreatePlease to create content