Can't get site-to-site VPN to work between Sonicwall PRO3060 and Cisco router

I have a Sonicwall Pro3060 and a Cisco EPC2425 router. I have setup a site-to-site VPN and it won't connect. All the settings are the same on both ends and the security matches, but on the Cisco I can see:

Failed ESP packet internal IP on CIsco subnet > internal IP on Pro3060 subnet
PatcketEncapsulate failed with error bad sequence number

Then in the Sonicwall logs I don't really see anything.

When I'm setting up the VPN on the Cisco end it gives me the option to automatically use the WAN IP, but when this is ticked I get an IP address that starts with 10.x.x.x. However, if you go to whatsmyip.com and run that from one of the computers behind it it gives you something with 95.x.x.x.
LVL 1
willlandymoreAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IT-Monkey-DaveCommented:
"Then in the Sonicwall logs I don't really see anything."
The Sonicwall's logging of attempted VPN connections is very comprehensive.  Every step in the sequence of establishing the VPN connection (success or failure) should generate a log entry.  If you don't see anything, check your SW log setup & filters etc.  There must be some clues there.

0
digitapCommented:
Go to Log > Categories and make sure the settings are as the screen shot shows.  IT-Monkey is right.  The log should show the VPN negotiation all the way through.
greenshot-2010-04-08-23-43-15.jpg
0
willlandymoreAuthor Commented:
yeah, it just wasn't giving any good errors because it was failing on the very first step. However, I got them to open the Cisco device on the other end for me and found that the VPN settings were matching but that they had used 255.255.255.255 on the WAN interface for the SM. I don't know how they were getting internet with this but it's almost certainly why things are off in this scenario.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
digitapCommented:
If they were given a single public IP, I think 255.255.255.255 represents a single host IP.  Not sure though how a Cisco should be configured in this scenario...sounds like I'm not the only one >GRIN<!  Anywho, are you indicating that the issue is resolved?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.