VPN to Sonicwall

Hi all,

I have an ASA 5505 and I'm trying to build a site-to-site VPN to a SonicWall firewall.

The firewall is doing NAT and has a net connection. I followed the directions at Cisco's site to the letter (they had a document describing how to set up a VPN from a SonicWall to an ASA).

Anyway,

My LAN is 192.168.12.0/24 and the remote LAN is 10.5.0.0/24

Here's my config. Any ideas? I'm stumped.

ASA Version 7.0(7)

!

hostname asa1

domain-name test.net

enable password **************

names

dns-guard

!

interface GigabitEthernet0/0

nameif inside

security-level 100

ip address 192.168.12.14 255.255.255.0

!

interface GigabitEthernet0/1

nameif outside

security-level 0

ip address 66.*.*.2 255.255.255.252

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

!

passwd **************

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list inside_nat0_outbound extended permit ip any 192.168.12.0 255.255.255.0

access-list pixtosw extended permit ip 192.168.12.0 255.255.255.0 10.5.0.0 255.255.255.0

pager lines 24

logging console debugging

mtu outside 1500

mtu inside 1500

no failover

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list pixtosw

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 66.*.*.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set austinlab esp-3des esp-sha-hmac

crypto dynamic-map ciscopix 1 set transform-set austinlab

crypto map dynmaptosw 66 ipsec-isakmp dynamic ciscopix

crypto map dynmaptosw interface outside

isakmp identity address

isakmp enable outside

isakmp policy 13 authentication pre-share

isakmp policy 13 encryption 3des

isakmp policy 13 hash sha

isakmp policy 13 lifetime 28800

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

tunnel-group 10.5.0.0 type ipsec-l2l

tunnel-group 10.5.0.0 ipsec-attributes

pre-shared-key *

tunnel-group 192.168.12.0 type ipsec-l2l

tunnel-group 192.168.12.0 ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

Cryptochecksum:xxx

: end

5 REPLIES

Re: VPN to Sonicwall

New Member

Re: VPN to Sonicwall

I get a 403 when I try that link...

Re: VPN to Sonicwall

OK - what is the internet IP address of the SonicWall?

New Member

Re: VPN to Sonicwall

216.183.*.*

New Member

Re: VPN to Sonicwall

tunnel-group 10.5.0.0 type ipsec-l2l

tunnel-group 10.5.0.0 ipsec-attributes

pre-shared-key *

tunnel-group 192.168.12.0 type ipsec-l2l

tunnel-group 192.168.12.0 ipsec-attributes

pre-shared-key *

The above one is wrong

tunnel-group 216.183.* type ipsec-l2l

tunnel-group 216.183.* ipsec-attributes

pre-shared-key *
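
A lint for the mistake identified in the last reply, added here as an example (not code from the thread or from Cisco): it flags `ipsec-l2l` tunnel-groups whose name is the network address of a subnet taken from the interface or access-list lines rather than a peer address. The sample config is constructed, and 203.0.113.10 is a placeholder peer, since the thread masks the real one.

```python
import ipaddress
import re

# Constructed sample modelled on the posted config; 203.0.113.10 is a placeholder peer.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif inside
 ip address 192.168.12.14 255.255.255.0
access-list pixtosw extended permit ip 192.168.12.0 255.255.255.0 10.5.0.0 255.255.255.0
tunnel-group 10.5.0.0 type ipsec-l2l
tunnel-group 192.168.12.0 type ipsec-l2l
tunnel-group 203.0.113.10 type ipsec-l2l
"""

PAIR = re.compile(r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")


def protected_networks(config):
    """Subnets named by interface 'ip address' lines and access-list entries."""
    nets = set()
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith(("ip address ", "access-list ")):
            continue
        line = re.sub(r"\bhost \S+", "", line)  # single hosts are not subnets
        for addr, mask in PAIR.findall(line):
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                continue  # not an address/mask pair (e.g. masked-out octets)
            if net.prefixlen < 32:
                nets.add(net)
    return nets


def misnamed_l2l_groups(config):
    """Return (name, subnet) for L2L tunnel-groups named after a subnet, not a peer."""
    by_base = {n.network_address: n for n in protected_networks(config)}
    hits = []
    for name in re.findall(r"^tunnel-group (\S+) type ipsec-l2l", config, re.M):
        try:
            addr = ipaddress.ip_address(name)
        except ValueError:
            continue  # non-IP names such as DefaultL2LGroup are out of scope here
        if addr in by_base:
            hits.append((name, str(by_base[addr])))
    return hits


if __name__ == "__main__":
    for name, subnet in misnamed_l2l_groups(SAMPLE):
        print(f"tunnel-group {name}: name is the base address of {subnet}, not a peer IP")
```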
