12-08-2014 06:23 AM - edited 03-11-2019 10:11 PM
Hello Experts:
I need an assistance in order to setup STS tunnel in between Cisco and Sonicwall Firewall. The Phase 1 is up but the local IP Natted with Public IP's over the STS Tunnel not being communicated with eact other. Take a look the following config:
Cisco:
Gateway : 125.x.x.1
Local IP : 10.1.10.1 Natted with 125.x.x.24 which is added into crypto traffic so that the remote network communicates by using Public IP over the STS Tunnel.
Sonicwall:
Gateway : 121.x.x.1
Local IP : 192.168.1.1. Natted with 121.x.x.24 that I also added in network config but the communication not working.
Please assist if the communication is possible over Public IP's as I have no problem if I use local IP's.
Thanks
12-10-2014 05:13 AM
Hi Adley,
If you are doing one-to-one NAT to translate only the 10.1.10.1 to -->125.X.X.24 and 192.168.1.1 to -->121.x.X.24, and no the whole subnet, you can do it for both sides, however, if you do PAT translating all the subnet to one IP on both ends, that will be a Port Communication, though how do you know what is the Port number that one host is using at the moment. You are not going to be doing --> show xlate | inc <Internal IP address>.
What I can recommend you if you are doing PAT translation for a whole subnet and not just one host, it's to PAT one side and the other side leave it using the private IP addresses, for the interesting traffic, for example:
Cisco:
access-list VPN permit ip host 125.x.x.24 192.168.1.0 255.255.255.0
SonicWall:
You have the GUI, and you can define the destination as the IP address --> 125.X.X.24, and your source as the 192.168.1.0/24.
-------------------------------------------------------------------------------------------------------------------------------
Please attach the following output:
- show crypto isakmp sa
- show crypto ipsec sa
- show run crypto map
- show access-list <ACL under the crypto map>
Let me know how it works out!
Please don't forget to rate and mark as correct the helpful Post!
Regards,
David Castro,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide