Configure Sonicwall TZ-190 with Cisco VPN box
On the Sonicwall we have an assigned range of WAN IP addresses 123.123.123.1/255.255.255.
x0:lan - 192.168.168.1/255.255.255.
x1:wan - 111.111.111.229/255.255.25
x2:
x3:
x4:
x5:
We have an external US dept who want to introuduce a Cisco box-to-box VPN to allow users in our network to access servers in the US one. They have supplied a pre-configured Cisco ASA device configured with a public IP address 123.123.123.3 (i.e in the range of useable IP addresses we have).
To get this incorporated in the network I believe we need to add another PortShield interface in transparent mode to allocate the required IP address to this device and allow it to create the box to box VPN. However because of the disparity in the WAN IP address and the useable IP address I get "Error: Transparent Range not in WAN subnet" when I try to add this interface.
I have no access to the Cisco box so I cannot see a way to alter the setup to use NAT instead of transaprent mode and I'm not sure whether it would correctly build the VPN tunnel using NAT. Does anyone know if this is possible and if it is what I am missing?
x0:lan - 192.168.168.1/255.255.255.
x1:wan - 111.111.111.229/255.255.25
x2:
x3:
x4:
x5:
We have an external US dept who want to introuduce a Cisco box-to-box VPN to allow users in our network to access servers in the US one. They have supplied a pre-configured Cisco ASA device configured with a public IP address 123.123.123.3 (i.e in the range of useable IP addresses we have).
To get this incorporated in the network I believe we need to add another PortShield interface in transparent mode to allocate the required IP address to this device and allow it to create the box to box VPN. However because of the disparity in the WAN IP address and the useable IP address I get "Error: Transparent Range not in WAN subnet" when I try to add this interface.
I have no access to the Cisco box so I cannot see a way to alter the setup to use NAT instead of transaprent mode and I'm not sure whether it would correctly build the VPN tunnel using NAT. Does anyone know if this is possible and if it is what I am missing?
What is the LAN IP of the Cisco? Whatever that is, configure another interface on the sonicwall with that IP network. Make a new trusted zone. I've got a few of these configurations with checkpoint and cisco. That's how I resolve those issues.
The LAN side of the Cisco has an IP address of 192.168.200.3. So are you suggesting that I create a port shield interface with an ip address such as 192.168.200.1, connect the LAN of the Cisco to this and then setup NAT to this interface? Am I correct in assuming this then effectively ignores the WAN interface on the Cisco?
You are understanding the direction I think you should go. You only need a NAT rule if you need to hide your subnet from the network on the other side of their VPN. They may already be handling that. If you already know the IP network their servers are on that need to be accessed over the VPN AND if it is different from 192.168.200.0/24, then you'll need to setup static route to use the new interface as the gateway for that IP network.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial