Cisco Support Community

New Member

VPN router behind a Sonicwall firewall


I'm trying to set up a network with the following design and wanted to see if there would be any problems with remote users being able to make a VPN to the Cisco router configured as a VPN endpoint. My design is attached as a JPG file and VPN clients would use a pool of addresses configured on the Cisco 1720 (configured as a VPN endpoint) and would be something like - These VPN users need to access the servers on the subnet

My question/concern is will having the Sonicwall firewall performing NAT cause a problem with VPN clients connecting to the Cisco 1720 router (configured as a VPN endpoint)?

I was going to configure a static NAT on the Sonicwall firewall so that VPN clients would connect to a 200.200.200.x address and the Sonicwall firewall would then NAT this to a 192.168.0.x address on the Cisco router. Will this NAT affect the ISAKMP/IPSec traffic and not successfully establish the VPN?

Do you have a sample configuration (router and/or VPN) that I could reference for this type of setup?

Thanks in advance


New Member

Re: VPN router behind a Sonicwall firewall

Well according to me NAT is evil =).

However, NATing IPSEC is not a problem as long as your firewall supports it. The Cisco 1720 won't know the difference. You need to make sure your Sonic Firewall supports it. And yes, you need to have a static NAT for it to work properly. We currently use (I hate it but =) a Checkpoint FW that NATs the IPSEC traffic to a VPN concentrator and that works just fine. BUT we did have issues with it because the firewall wasn't really doing its NAT job.

So my suggestion is to assign the C1720 a Public IP if possible.

New Member

Re: VPN router behind a Sonicwall firewall

Hi Andreas

Thanks for the info. I was planning on doing a static NAT on the Sonicwall and am hoping that this doesn't cause problems.

I'd prefer to have a gateway router and have the Sonicwall and Cisco router next to one another rather than have 1 behind the other but the cost of buying another Cisco router is being frowned upon.


