SuperRoot
asked on
Sonicwall To Cisco GRE VPN connection
Hi,
I've been working on this issue for the past 2 days. Not enough sleep is also making it worse :( Anyway, I have a new SonicWall 3600 to connect to our Cisco 1811 router VPN in the data center. I can't figure out why it's not working. I managed to make the VPN work but I can't ping or see anything on the remote network at the data center. Please help.
So far this is what I did.
Policy type: tunnel interface
authentication: IKE and Pre-shared
Proposal Tab
Phase1 IKE
Exchange: Main Mode
DH Group: Group 2
Encryption: 3Des
Authentication: md5
Life Time : 86400
IPsec Phase 2
Protocol: ESP
Encryption: 3des
Authentication MD5
Life Time: 86400
Advanced Tab:
Enable Keep alive
Allow advanced Routing
Enable Transport Mode
VPN Policy bound to: Int X1
I can see the VPN up but it's not showing the internal network. I looked at the data center configuration of the VPN and below is what I see associated with that connection:
crypto isakmp policy 40
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key xxxxdsadasdscsa address 212.93.119.5 no-xauth
crypto isakmp key dadawadsdsfacs address 212.93.119.6 no-xauth
crypto isakmp key sasadsasssaaacc address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 10
!
crypto ipsec transform-set niceconfig esp-3des esp-md5-hmac
 mode transport
crypto map vpn 10 ipsec-isakmp
 set peer 212.93.119.6
 set transform-set niceconfig
 match address unused-used
crypto map vpn 11 ipsec-isakmp
 set peer 212.93.119.5
 set transform-set goodenough
 match address dead-alive
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip ospf authentication
 ip ospf authentication-key 7 xxxxxzxSdasxaxsxxzxxz
 ip ospf mtu-ignore
 tunnel source FastEthernet0
 tunnel destination 212.93.119.5
!
interface FastEthernet0
 ip address 23.25.55.139 255.255.255.248
 ip access-group internet-in in
 ip nat outside
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
 crypto map vpn
!
router ospf 1123
 log-adjacency-changes
 redistribute connected
 redistribute static subnets
 passive-interface FastEthernet0
 passive-interface Vlan15
 network 172.16.0.0 0.15.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
 default-information originate
!
ip access-list extended dead-alive
 permit gre host 23.25.55.139 host 212.93.119.5
ip access-list extended internet-in
 permit ip 212.93.119.0 0.0.0.255 any
 permit ip 23.25.55.136 0.0.0.7 any
 permit ip any any
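A consistency check over the router configuration posted above, as an added example that is not part of the original post: it flags names that a crypto map entry references but the excerpt never defines, a crypto map bound to a shutdown interface, and a wildcard pre-shared key. The `audit` function and the abridged `CONFIG` string (key values replaced by a placeholder) are constructed for illustration.

```python
import re

# Abridged from the configuration in the post; key values replaced by a placeholder.
CONFIG = """\
crypto isakmp key <redacted> address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set niceconfig esp-3des esp-md5-hmac
crypto map vpn 10 ipsec-isakmp
 set transform-set niceconfig
 match address unused-used
crypto map vpn 11 ipsec-isakmp
 set transform-set goodenough
 match address dead-alive
interface FastEthernet0
 shutdown
 crypto map vpn
ip access-list extended dead-alive
 permit gre host 23.25.55.139 host 212.93.119.5
"""

def audit(config):
    """Return findings for an IOS-style excerpt; works even if indentation was lost."""
    defined = {"transform-set": set(), "acl": set()}
    refs, shut, mapped, findings, section = [], set(), set(), [], "(top level)"
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto ipsec transform-set (\S+)", line):
            defined["transform-set"].add(m[1])
        elif m := re.match(r"ip access-list extended (\S+)", line):
            defined["acl"].add(m[1])
        elif re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0 0\.0\.0\.0", line):
            findings.append("wildcard pre-shared key matches any peer address")
        elif m := re.match(r"crypto map \S+ \d+|interface \S+", line):
            section = m[0]                      # entry or interface now being read
        elif m := re.match(r"set transform-set (\S+)", line):
            refs.append(("transform-set", m[1], section))
        elif m := re.match(r"match address (\S+)", line):
            refs.append(("acl", m[1], section))
        elif line == "shutdown":
            shut.add(section)
        elif re.match(r"crypto map \S+$", line):  # crypto map bound to an interface
            mapped.add(section)
    # Definitions may follow their use, so resolve references after the full pass.
    for kind, name, where in refs:
        if name not in defined[kind]:
            findings.append(f"{where}: {kind} '{name}' is not defined in this excerpt")
    for name in sorted(shut & mapped):
        findings.append(f"{name}: crypto map is applied to a shutdown interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

A name reported as undefined may simply sit in a part of the running configuration that was not pasted, so each finding is a prompt to check the full config on the device.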