EIASE asked:

How to set up a VPN through a Cisco Router and SonicWall?

At our organization we are trying to set up a VPN. The internet connection goes through a Cisco router through the SonicWall through another router. We wanted to know if there were options we had to set on the Cisco routers to allow the VPN traffic to get an IP address. We've tried putting an Ubuntu box as our PPTPD; we've also tried OpenVPN. Nothing worked. I think it's not working because we haven't told the routers about the traffic, but do not know much about VPN. Any help or direction would be highly appreciated.
Qlemo

If the SonicWall is your VPN endpoint, handing out IPs of your local subnet, you should not need to do anything regarding the router.
If you want to implement a different VPN solution, you need to create NAT and port forwarding rules for that VPN as you would do with any other service. For OpenVPN you would need udp/1194 (default) to forward to the OpenVPN server.
PPTP is problematic because of the GRE protocol used, which often cracks when NAT comes into play.
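
The OpenVPN port forwarding described in the answer above, as an added example in Cisco IOS syntax that is not part of the original thread. The interface names, the 192.168.10.5 server address and the ACL name WAN-IN are assumptions, and it presumes the router shown is the one performing NAT; every NAT hop between the Internet and the server needs an equivalent rule.

```cisco
! Added example: names and addresses below are assumptions, not from the thread.
! Assumes this router performs NAT between the WAN and the LAN.
interface GigabitEthernet0/0
 description WAN side (assumed name)
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN side (assumed name)
 ip nat inside
!
! Forward OpenVPN's default udp/1194 from the WAN address to the
! OpenVPN server (192.168.10.5 is a constructed address).
ip nat inside source static udp 192.168.10.5 1194 interface GigabitEthernet0/0 1194
!
! If an inbound ACL (here assumed to be named WAN-IN) is already applied
! on the WAN interface, it must also permit the forwarded port.
ip access-list extended WAN-IN
 permit udp any any eq 1194
!
! PPTP, by contrast, needs tcp/1723 plus GRE (IP protocol 47). GRE has no
! port numbers, so it cannot be forwarded with a port rule like the one above.
```

After a client connects, `show ip nat translations` on the router should list a udp entry for port 1194.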
SOLUTION
digitap
sorry Qlemo...you answered before i posted.
EIASE

ASKER

As of right now we are just using the SonicWall as a content filter. The way it works we have Cisco Router -> SonicWall -> Cisco Router.
ASKER CERTIFIED SOLUTION
EIASE

ASKER

I felt like the details I gave were not enough so here is what we have. We have a Cisco MetroEthernet Router 3400 going to a SonicWall Pro 2040, this goes to a Cisco 2800 Series. The Cisco 2800 Series hands out the IP addresses to our local network. I will need to turn on some options for Cisco 2800 series router I assume but not sure what to tell the router.
EIASE

ASKER

We are a school co-op. Meaning we have several different locations that are all on our network. Also this means that all of our content has to be filtered, including the VPN connections that come through as well. We have tried turning on the SonicWall VPN support and also using the SonicWall VPN client. We can get it to connect but it is not getting an IP address.
is the LAN interface of the sonicwall attached to the LAN interface of the Cisco or the WAN interface?  if it is connected to the WAN interface then your sonicwall isn't going to be able to give the gvc hosts an IP from the LAN interface of the cisco.

you can put the sonicwall in transparent mode so it's not NAT'ing traffic but will continue to apply security services to traffic.  use the KB below to set an interface in transparent mode:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5979

hosts on the interface that you configure as transparent will need to have an IP that matches the subnet of the WAN interface.  since it's your cisco, your cisco WAN interface will need to have an IP that matches the subnet of the WAN interface of the sonicwall.  you'll be able to use the cisco vpn then and get an IP from the LAN of the cisco.  also, egress traffic from the cisco will have security services applied that are configured on the interface configured as transparent.  just make sure they are enabled.
EIASE

ASKER

Just having the direction I needed to head is good enough for me. I think I have a better understanding of where my problem lies. I now have told the SonicWall to handle the DHCP in a different subnet for outgoing traffic. I believe this will work.
glad it worked out and thanks for the points!