riverbank
asked on
Configure Sonicwall TZ-190 with Cisco VPN box
On the Sonicwall we have an assigned range of WAN IP addresses 123.123.123.1/255.255.255.248 while the WAN IP address we need to use is 111.111.111.229/255.255.255.252. This configuration has worked fine for our requirements until now.
x0:lan - 192.168.168.1/255.255.255.0
x1:wan - 111.111.111.229/255.255.255.252
x2:
x3:
x4:
x5:
We have an external US dept who want to introduce a Cisco box-to-box VPN to allow users in our network to access servers in the US one. They have supplied a pre-configured Cisco ASA device configured with a public IP address 123.123.123.3 (i.e. in the range of useable IP addresses we have).
To get this incorporated in the network I believe we need to add another PortShield interface in transparent mode to allocate the required IP address to this device and allow it to create the box to box VPN. However because of the disparity in the WAN IP address and the useable IP address I get "Error: Transparent Range not in WAN subnet" when I try to add this interface.
I have no access to the Cisco box so I cannot see a way to alter the setup to use NAT instead of transparent mode and I'm not sure whether it would correctly build the VPN tunnel using NAT. Does anyone know if this is possible and if it is what I am missing?
What is the LAN IP of the Cisco? Whatever that is, configure another interface on the Sonicwall with that IP network. Make a new trusted zone. I've got a few of these configurations with Check Point and Cisco. That's how I resolve those issues.
ASKER
The LAN side of the Cisco has an IP address of 192.168.200.3. So are you suggesting that I create a PortShield interface with an IP address such as 192.168.200.1, connect the LAN of the Cisco to this and then set up NAT to this interface? Am I correct in assuming this then effectively ignores the WAN interface on the Cisco?
ASKER CERTIFIED SOLUTION
Glad I could help and thanks for the points!
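The addressing in this thread can be checked before touching the firewall. The following is an added example, not part of the original posts and not SonicWall code: it tests whether a transparent-mode address falls inside the WAN subnet (the condition behind "Transparent Range not in WAN subnet") and whether a proposed new interface overlaps existing ones and shares a subnet with the Cisco's LAN address. The `check_plan` function and the /24 mask on the 192.168.200.x network are assumptions; the thread does not state that mask.

```python
import ipaddress

def check_plan(wan_if, existing_ifs, transparent_ip=None, new_if=None, peer_ip=None):
    """Return a list of problems found in an interface addressing plan.

    wan_if / new_if : "address/netmask" strings, as shown in the firewall UI
    existing_ifs    : {name: "address/netmask"} for interfaces already in use
    transparent_ip  : address to be bridged to the WAN in transparent mode
    peer_ip         : address of the device plugged into the new interface
    """
    problems = []
    wan = ipaddress.ip_interface(wan_if)

    # Transparent mode bridges an address onto the WAN segment, so the
    # address has to belong to the WAN interface's own subnet.
    if transparent_ip is not None:
        ip = ipaddress.ip_address(transparent_ip)
        if ip not in wan.network:
            problems.append(f"transparent address {ip} is not in WAN subnet {wan.network}")

    if new_if is not None:
        new = ipaddress.ip_interface(new_if)
        # A routed interface must not overlap the WAN or any existing interface.
        for name, cidr in [("wan", wan_if)] + list(existing_ifs.items()):
            other = ipaddress.ip_interface(cidr)
            if new.network.overlaps(other.network):
                problems.append(f"{new.network} overlaps {name} ({other.network})")
        # The attached device must sit in the new subnet on a different address.
        if peer_ip is not None:
            peer = ipaddress.ip_address(peer_ip)
            if peer not in new.network:
                problems.append(f"peer {peer} is outside {new.network}")
            elif peer == new.ip:
                problems.append(f"peer {peer} collides with the interface address")
    return problems

# Addresses taken from the thread; the /24 on 192.168.200.x is an assumption.
WAN = "111.111.111.229/255.255.255.252"
EXISTING = {"x0:lan": "192.168.168.1/255.255.255.0"}

if __name__ == "__main__":
    print("transparent mode:", check_plan(WAN, EXISTING, transparent_ip="123.123.123.3"))
    print("new routed zone: ", check_plan(WAN, EXISTING, new_if="192.168.200.1/24",
                                          peer_ip="192.168.200.3"))
```
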