SonicWall VPN behind Motorola Clear Modem

I've got an interesting situation with a client. While they are waiting for a more permanent location for a small office, they are trying to create a site-to-site VPN between a SonicWall TZ 180 and a SonicWall 1260. The catch is that the Clear 4G modem cannot go into a transparent or bridged mode, so the WAN port on the 180 must take a LAN IP from the Motorola modem.

I'm looking for the best way to get a site-to-site VPN between this device and a 1260 that is sitting with a public IP. I can get SonicWall GVC to connect from behind the 180, but can't get the 180 and 1260 to connect.

Errors include, from the TZ 180:
IKE Responder: Proposed IKE ID mismatch
Received unencrypted packet while crypto active
NAT Discovery : Local IPSec Security Gateway behind a NAT/NAPT Device
From the 1260:
IKE Responder: Proposed IKE ID mismatch

I've tried putting the 180 in the Motorola's DMZ, and I've tried port forwarding UDP 500 and IP 50 from the Motorola to the 180, with similar results. I might not have done either function correctly.

Any and all direction and guidance is appreciated.

Dylan
 
dpedersen13 (Author) commented:
Fixed it!

Here is what I did to get the SonicWall site-to-site VPN with one SonicWall behind NAT to work.
After setting all settings the way I would without NAT, I had to make the following modifications:
1. In the Phase 1 proposals, set both to aggressive mode.
2. Change the name of the VPN connection to match the unique firewall identifier of the OTHER SonicWall, on both SonicWalls.
3. On my Enhanced OS, I had to make the peer IKE ID equal the internal IP of the SonicWall behind the NAT.

Fired right up

I used SonicWall's guide, Troubleshooting Guide IKE VPN initialization,
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_22908592.html 
and a night's sleep to get it to work.
 
BWaring commented:
I'm pretty sure that this cannot be done. If you cannot get a public IP to the WAN side of the SW, it is not going to work. As you mentioned, without transparent mode on the Motorola, the NAT is going to get in the way. I have tried this in the past, with support from SW, and it was not able to work. We eventually brought in a separate cable Internet connection to get that office up on the VPN....
 
dpedersen13 (Author) commented:
That's sort of where I think I'm headed. NAT traversal with the IPsec wrapped in UDP is supposed to work; I'm just having a hard time making it happen.
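
Added example, not part of the original thread or SonicWall's code: how the NAT discovery check behind the "Local IPSec Security Gateway behind a NAT/NAPT Device" message works under RFC 3947, where each peer hashes the addresses it believes are in use and the receiver compares them with what it actually sees. The cookies, the addresses (documentation ranges) and the translated source port are constructed sample values.

```python
import hashlib
import ipaddress
import struct

def natd_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port), using the negotiated hash."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def build_natd(cky_i, cky_r, remote, local):
    """NAT-D payloads as sent: destination (remote) hash first, then source (local)."""
    return [natd_hash(cky_i, cky_r, *remote), natd_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, natd, seen_src, own_addr):
    """Receiver-side check. seen_src is the (ip, port) the packet arrived from,
    own_addr is the (ip, port) configured on the receiver's own interface."""
    natd_dst, natd_src = natd[0], natd[1:]
    return {
        "peer_behind_nat": natd_hash(cky_i, cky_r, *seen_src) not in natd_src,
        "local_behind_nat": natd_hash(cky_i, cky_r, *own_addr) != natd_dst,
    }

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
TZ180_WAN = ("192.168.15.2", 500)       # private address handed out by the modem
MODEM_PUBLIC = ("198.51.100.20", 1024)  # what the modem's NAT rewrites the source to
HQ_1260 = ("203.0.113.10", 500)         # peer with a public IP

def demo():
    # TZ 180 -> 1260: the sender describes itself by its private WAN address.
    from_180 = build_natd(CKY_I, CKY_R, remote=HQ_1260, local=TZ180_WAN)
    at_1260 = detect_nat(CKY_I, CKY_R, from_180, seen_src=MODEM_PUBLIC, own_addr=HQ_1260)
    # 1260 -> TZ 180: the remote it names is the modem's public address.
    from_1260 = build_natd(CKY_I, CKY_R, remote=MODEM_PUBLIC, local=HQ_1260)
    at_180 = detect_nat(CKY_I, CKY_R, from_1260, seen_src=HQ_1260, own_addr=TZ180_WAN)
    return at_1260, at_180

if __name__ == "__main__":
    print(demo())
```

When either flag is set, RFC 3947 peers move the rest of the exchange to UDP 4500 and ESP is carried inside UDP (RFC 3948).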
 
BWaring commented:
That's great! Better than SonicWall could do themselves (at least the two guys I spoke with there).... now you've given me something to do... I've got to try to replicate this.... thanks
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
 
BBQPM commented:
I run into the same situation.

1.) You can indeed put the Clear modem into routed bridge mode so SW will be able to obtain a public IP address and VPN will work that way. However, the problem I have is that SIP UDP port 5060 is somehow filtered.
Question has a verified solution.