
Cisco IOS - SonicWall NSA Site to Site VPN

Asked by mikeewalton
Topics: Hardware Firewalls, Cisco, VPN
Attempting to build a site to site tunnel between a SonicWall NSA and a Cisco IOS router, I can get the tunnel to become active, but cannot pass traffic in either direction. Am I just missing a simple route or something? Config of Cisco pasted, SonicWall config images attached.



hostname Cisco_Router
!

ip source-route
!
!
ip dhcp excluded-address 192.168.50.1 192.168.50.99
ip dhcp excluded-address 192.168.50.201 192.168.50.254
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.50.0 255.255.255.0
   dns-server 4.2.2.2 192.168.0.14
   default-router 192.168.50.1
!
!
ip cef
ip domain name domain.local
ip name-server 4.2.2.2
ip name-server 192.168.0.14
!
!

!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key PASSWORD address 64.x.x.x
crypto isakmp keepalive 15
crypto isakmp client configuration address-pool local CLIENTPOOL
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set 50 esp-3des esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 64.x.x.x
 set transform-set 50
 set pfs group2
 match address 101
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 68.x.x.x 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map CMAP
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip local pool CLIENTPOOL 192.168.0.0 192.168.0.255
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 68.0.0.0.0
ip route 192.168.0.0 255.255.255.0 FastEthernet4
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 192.168.0.0 0.0.0.255
no cdp run
 Doc2.docx
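
An added check, not part of the original question or its answers: on IOS, inside-to-outside NAT is applied before the crypto map ACL is evaluated, so a flow permitted by both the NAT overload ACL and the crypto ACL is translated and no longer matches the tunnel's interesting traffic. The Python below flags that overlap using lines copied from the posted config. The function names are hypothetical, and it assumes numbered ACLs whose entries use only ip, any and address/wildcard pairs (no host keyword, named ACLs or route-maps).

```python
import ipaddress
import re

def take(tokens):
    """Pop one address spec ('any' or '<addr> <wildcard>') off the token list."""
    n = 1 if tokens[0] == "any" else 2
    addr, wildcard = ("0.0.0.0", "255.255.255.255") if n == 1 else tokens[:2]
    del tokens[:n]
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF  # wildcard -> netmask
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(mask)}")

def parse_acls(config):
    """Map numbered ACL id -> ordered [(action, src, dst or None)]; remarks are skipped."""
    acls = {}
    for m in re.finditer(r"^\s*access-list (\d+) (permit|deny) (.+)$", config, re.M):
        tokens = m.group(3).split()
        if tokens[0] == "ip":            # extended entry: ip <src> <dst>
            tokens.pop(0)
            entry = (m.group(2), take(tokens), take(tokens))
        else:                            # standard entry: matches on source only
            entry = (m.group(2), take(tokens), None)
        acls.setdefault(m.group(1), []).append(entry)
    return acls

def nat_conflicts(config):
    """List crypto-ACL flows that the NAT overload ACL would translate first.
    The first overlapping NAT ACL entry decides (an approximation of first-match)."""
    acls = parse_acls(config)
    nat_ids = re.findall(r"^\s*ip nat inside source list (\d+) ", config, re.M)
    crypto_ids = re.findall(r"^\s*match address (\d+)", config, re.M)
    found = []
    for cid in crypto_ids:
        for action, src, dst in acls.get(cid, []):
            if action != "permit" or dst is None:
                continue
            for nid in nat_ids:
                for n_action, n_src, n_dst in acls.get(nid, []):
                    if n_src.overlaps(src) and (n_dst is None or n_dst.overlaps(dst)):
                        if n_action == "permit":
                            found.append((nid, cid, str(src), str(dst)))
                        break
    return found

# Lines copied from the posted config (only the NAT and crypto ACL parts).
POSTED = """
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 192.168.0.0 0.0.0.255
 match address 101
"""
```

For the posted lines, nat_conflicts(POSTED) reports that NAT list 1 covers the 192.168.50.0/24 to 192.168.0.0/24 flow that crypto ACL 101 protects. An extended NAT ACL that denies that flow ahead of its permit entry produces no finding.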