How to set up a VPN through a Cisco Router and SonicWall?

At our organization we are trying to set up a VPN. The internet connection goes through a Cisco router through the SonicWall through another router. We wanted to know if there were options we had to set on the Cisco routers to allow the VPN traffic to get an IP address. We've tried putting an Ubuntu box as our PPTPD; we've also tried OpenVPN. Nothing worked. I think it's not working because we haven't told the routers about the traffic, but we do not know much about VPN. Any help or direction would be highly appreciated.
EIASE Asked:

Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
If the SonicWall is your VPN endpoint, handing out IPs of your local subnet, you should not need to do anything regarding the router.
If you want to implement a different VPN solution, you need to create NAT and port forwarding rules for that VPN as you would do with any other service. For OpenVPN you would need udp/1194 (default) to forward to the OpenVPN server.
PPTP is problematic because of the GRE protocol used, which often cracks when NAT comes into play.
digitap Commented:
so, your routers look like this?

internet <--> Cisco <--> sonicwall <--> some other router

is the "some other router" the VPN router?  if so, what kind of router is it?  for best results, you need to put your VPN appliance directly on the Internet with a public IP address.

if you have your vpn router behind a NAT'ing device(s), then you need to open specific ports on those routers.

    * IP Protocol ID 50:
      For both inbound and outbound filters. Should be set to allow Encapsulating Security Protocol (ESP) traffic to be forwarded.
    * IP Protocol ID 51:
      For both inbound and outbound filters. Should be set to allow Authentication Header (AH) traffic to be forwarded.
    * UDP Port 500:
      For both inbound and outbound filters. Should be set to allow ISAKMP traffic to be forwarded.

Ref: http://support.microsoft.com/kb/233256/en-us
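The filter entries listed above, together with the OpenVPN port from the earlier reply, written as Cisco IOS extended ACL entries. This is an added example, not part of any post in this thread; the ACL names and the 203.0.113.10 endpoint address are placeholders.

```cisco
! Added example, not from the thread.
! 203.0.113.10 is a documentation address standing in for the VPN endpoint.
! OUTSIDE-IN / OUTSIDE-OUT are hypothetical names for ACLs already applied
! to the Internet-facing interface; add these entries to the existing lists.
! Keep only the stanza for the VPN type actually in use.
!
ip access-list extended OUTSIDE-IN
 remark IPsec ESP, IP protocol 50
 permit esp any host 203.0.113.10
 remark IPsec AH, IP protocol 51
 permit ahp any host 203.0.113.10
 remark ISAKMP, UDP port 500
 permit udp any host 203.0.113.10 eq isakmp
 remark OpenVPN default port, UDP 1194
 permit udp any host 203.0.113.10 eq 1194
!
! Mirror of the above for the outbound filter, since the list calls for
! both directions.
ip access-list extended OUTSIDE-OUT
 remark IPsec ESP, IP protocol 50
 permit esp host 203.0.113.10 any
 remark IPsec AH, IP protocol 51
 permit ahp host 203.0.113.10 any
 remark ISAKMP, UDP port 500
 permit udp host 203.0.113.10 eq isakmp any
 remark OpenVPN default port, UDP 1194
 permit udp host 203.0.113.10 eq 1194 any
```

`show access-lists OUTSIDE-IN` prints a match counter per entry, which shows whether the VPN packets are reaching the router at all.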
digitap Commented:
sorry Qlemo...you answered before i posted.

EIASE Author Commented:
As of right now we are just using the SonicWall as a content filter. The way it works we have Cisco Router -> SonicWall -> Cisco Router.
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
Implementing VPNs is best done on the device separating the public from the local network. And that seems to be the SonicWall. Anything else is troublesome. Your SonicWall supports VPNs, so why not use it? What is your major goal: Reliability, ease of management, ease of installation, "installation-free" VPN, security ...?

EIASE Author Commented:
I felt like the details I gave were not enough so here is what we have. We have a Cisco MetroEthernet Router 3400 going to a SonicWall Pro 2040, this goes to a Cisco 2800 Series. The Cisco 2800 Series hands out the IP addresses to our local network. I will need to turn on some options for Cisco 2800 series router I assume but not sure what to tell the router.
EIASE Author Commented:
We are a school co-op. Meaning we have several different locations that are all on our network. Also this means that all of our content has to be filtered, including the VPN connections that come through as well. We have tried turning on the SonicWall VPN support and also using the SonicWall VPN client. We can get it to connect but it is not getting an IP address.
digitap Commented:
is the LAN interface of the sonicwall attached to the LAN interface of the Cisco or the WAN interface?  if it is connected to the WAN interface then your sonicwall isn't going to be able to give the gvc hosts an IP from the LAN interface of the cisco.

you can put the sonicwall in transparent mode so it's not NAT'ing traffic but will continue to apply security services to traffic.  use the KB below to set an interface in transparent mode:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5979

hosts on the interface that you configure as transparent will need to have an IP that matches the subnet of the WAN interface.  since it's your cisco, your cisco WAN interface will need to have an IP that matches the subnet of the WAN interface of the sonicwall.  you'll be able to use the cisco vpn then and get an IP from the LAN of the cisco.  also, egress traffic from the cisco will have security services applied that are configured on the interface configured as transparent.  just make sure they are enabled.
EIASE Author Commented:
Just having the direction I needed to head is good enough for me. I think I have a better understanding of where my problem lies. I now have told the SonicWall to handle the DHCP in a different subnet for outgoing traffic. I believe this will work.
digitap Commented:
glad it worked out and thanks for the points!