Hi,

I'm trying to create a site to site vpn between a pix 520 and a sonicwall tz170. The Problem is that both sides use 192.168.1.0/24 on the inside, so, i have to use NAT.

they only need to reach some addresses in the 192.168.2.0/24 range so i only need to nat from my side to their side.

the Tunnel comes up and I receive packets, but i never see packets encapsulated on my side.

the setup is

(192.168.2.0/24)and(192.168.1.0/24)---router-----PIX----internetrouter--internet--tz170---192.168.1.0/24

relevant config :

access-list SAP_oasis extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list SAP_oasis extended permit ip 192.168.2.0 255.255.255.0 192.168.68.0 255.255.255.0

nat-control

global (outside) 1 62.58.98.250

nat (inside) 1 0.0.0.0 0.0.0.0

static (outside,inside) 192.168.68.0 192.168.1.0 netmask 255.255.255.0

route outside 0.0.0.0 0.0.0.0 62.58.98.193 1

route inside 192.168.0.0 255.255.0.0 172.16.0.1 1

crypto ipsec transform-set aes-256_sha esp-aes-256 esp-sha-hmac

crypto map VPN 10 match address SAP_oasis

crypto map VPN 10 set peer 195.207.48.61

crypto map VPN 10 set transform-set aes-256_sha

crypto map VPN interface outside

isakmp identity address

isakmp enable outside

isakmp policy 13 authentication pre-share

isakmp policy 13 encryption aes-256

isakmp policy 13 hash sha

isakmp policy 13 group 2

isakmp policy 13 lifetime 28800

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

tunnel-group 195.207.48.61 type ipsec-l2l

tunnel-group 195.207.48.61 ipsec-attributes

pre-shared-key *

Can anybody help me out ?