Problem with S2S VPN b/w Cisco ASA 5540 and DELL SONICWALL NSA 240
Guys... I need help here with a problem.
I have a Cisco ASA 5540 and am trying to set up an IPsec site-to-site VPN with a client (their device is a DELL SONICWALL NSA 240).
All parameters of Phase I and II match exactly. I have tried many possibilities, but somehow Phase II is NOT coming up. I have checked different forums and found that I am NOT the only one facing this problem with these two devices, but I couldn't find a solution.
One anomaly: the public leg of my ASA is behind a NAT public IP, but somehow on the DELL SONICWALL NSA 240 firewall both my NAT (live) IP and the actual private IP of my ASA's public leg are shown in the logs.
Finally the testing is successful on the Sonicwall NSA 240 as well with the Cisco ASA. Somehow the Sonicwall firewall was also discovering my VPN box's public leg (private IP 10.10.50.10), which is behind a live peer IP (203.124.x.x). As per security policies it shouldn't have been discovered on the remote end. I will bring this to Cisco TAC's notice.
The Sonicwall logs were showing the ASA local IKE ID as "203.124.x.x" and the ASA remote IKE ID as "10.10.50.10".
Sonicwall sets these two parameters (local IKE ID and remote IKE ID) with the PSK. This is separate from setting the peer IP. I asked my client to add my ASA's actual and NAT IPs in these two parameters and the VPN came up.
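The mismatch described in this thread, as an added example that is not part of the original posts and is not Cisco or SonicWall code: an IKEv1 Identification payload (RFC 2407 layout) carries the address the sender puts in it, which can differ from the NAT'd source IP the responder sees. The function names and the 203.0.113.10 address (a constructed stand-in for the elided 203.124.x.x) are assumptions.

```python
import ipaddress
import struct

ID_IPV4_ADDR = 1  # ID type from RFC 2407, section 4.6.2.1

def parse_id_payload(payload: bytes):
    """Parse an IKEv1 Identification payload: generic header + IPsec DOI fields."""
    if len(payload) < 8:
        raise ValueError("payload shorter than the fixed 8-byte header")
    _next, _reserved, length, id_type, _proto, _port = struct.unpack(
        "!BBHBBH", payload[:8])
    if length != len(payload):
        raise ValueError("length field does not match payload size")
    data = payload[8:]
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry exactly 4 bytes")
        return id_type, ipaddress.IPv4Address(data)
    return id_type, data  # other ID types are returned raw

def check_peer_id(payload: bytes, observed_src: str, accepted_ids):
    """Compare the identity a peer claims with the source IP actually seen."""
    id_type, ident = parse_id_payload(payload)
    if id_type != ID_IPV4_ADDR:
        return {"ident": ident, "differs_from_source": None, "accepted": False}
    allowed = {ipaddress.IPv4Address(a) for a in accepted_ids}
    return {
        "ident": str(ident),
        "differs_from_source": ident != ipaddress.IPv4Address(observed_src),
        "accepted": ident in allowed,
    }

# Constructed sample: 203.0.113.10 stands in for the elided 203.124.x.x.
NAT_IP = "203.0.113.10"
PRIVATE_IP = "10.10.50.10"  # private address quoted in the thread
SAMPLE = struct.pack("!BBHBBH", 0, 0, 12, ID_IPV4_ADDR, 17, 500) \
    + ipaddress.IPv4Address(PRIVATE_IP).packed

if __name__ == "__main__":
    print(check_peer_id(SAMPLE, NAT_IP, [NAT_IP]))              # ID not accepted
    print(check_peer_id(SAMPLE, NAT_IP, [NAT_IP, PRIVATE_IP]))  # ID accepted
```
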