SonicWall VPN Client going through Cisco PIX Firewall
We have a school district connected to our main facility/network via T1 that is attempting to connect using the SonicWall VPN client to an outside entity through our PIX Firewall. We have opened all ports (50, 500, 4500) that the company implementing the SonicWall VPN client has requested as well as set our PIX to allow IPSEC, ESP, IKE, (fixup protocols in place) and whatever else we can find to allow this client to pass through. We have also opened up a laptop with the client on it completely in the PIX with no success.
When the SW VPN client is initiated from within the school district, it asks for authentication and attempts to connect but the connection never establishes. When we place a laptop with the client outside the PIX, the connection goes through with no problems at all. Another facility such as ours in another part of the state has the same issue with a school and hasn't found a way to allow this to work through their PIX either. So, we know it is a PIX issue but cannot determine what we are missing.
We just want to allow the client to pass through and not set up the PIX as a VPN.
I hope I have written this clearly enough. Any suggestions would be appreciated.
Re: SonicWall VPN Client going through Cisco PIX Firewall
The problem you are running into is not caused by the PIX and there is not a configuration parameter you can change on the PIX to fix this issue. What you are running into is a VPN technology that does not support NAT/PAT. In older VPN/IPSec implementations the IP addresses were used as identifiers in the payload, so as the packet passes through a NAT device the identifier no longer matches the source IP on the packet.
The only fix would be to update the SonicWall software on both ends.
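An added example, not part of the original reply and not SonicWall or Cisco code: a simplified Python model of the mismatch the reply describes (an IKE identity of type ID_IPV4_ADDR compared against the translated source address), together with the NAT-D hash from RFC 3947 that NAT-Traversal-capable IPsec peers exchange to detect translation. The addresses, cookies and function names are constructed for illustration, and SHA-1 is assumed as the negotiated hash.

```python
import hashlib
import ipaddress
import struct

ID_IPV4_ADDR = 1  # IKE identification type: a single IPv4 address

def id_payload_body(ip: str) -> bytes:
    """Simplified IKEv1 ID payload body: type, protocol, port, address."""
    return struct.pack("!BBH", ID_IPV4_ADDR, 0, 0) + ipaddress.IPv4Address(ip).packed

def peer_id_matches_source(id_body: bytes, observed_src: str) -> bool:
    """Strict check modelled on the reply: claimed ID must equal the wire source."""
    claimed = ipaddress.IPv4Address(id_body[4:8])
    return id_body[0] == ID_IPV4_ADDR and claimed == ipaddress.IPv4Address(observed_src)

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()

def nat_detected(sent: bytes, cky_i: bytes, cky_r: bytes, seen_ip: str, seen_port: int) -> bool:
    """Receiver recomputes the hash from what it sees; a difference means NAT/PAT."""
    return sent != nat_d_hash(cky_i, cky_r, seen_ip, seen_port)

# Constructed sample values (private client address, documentation-range public address).
CLIENT_IP, CLIENT_PORT = "10.1.20.15", 500
NAT_IP, NAT_PORT = "203.0.113.10", 1027      # source as rewritten by PAT
CKY_I, CKY_R = bytes(range(8)), bytes(range(8, 16))

def demo() -> dict:
    ident = id_payload_body(CLIENT_IP)            # built before translation
    sent = nat_d_hash(CKY_I, CKY_R, CLIENT_IP, CLIENT_PORT)
    return {
        "direct_id_ok": peer_id_matches_source(ident, CLIENT_IP),
        "behind_pat_id_ok": peer_id_matches_source(ident, NAT_IP),
        "direct_nat_seen": nat_detected(sent, CKY_I, CKY_R, CLIENT_IP, CLIENT_PORT),
        "behind_pat_nat_seen": nat_detected(sent, CKY_I, CKY_R, NAT_IP, NAT_PORT),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A peer that sees the NAT-D mismatch can switch to UDP encapsulation on port 4500 instead of rejecting the session, which is why the identity check alone fails in the translated case while a NAT-T-aware pair can proceed.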