STS Tunnel Setup in between Cisco ASA and Sonicwall Firewall.
12-08-2014 06:23 AM - edited 03-11-2019 10:11 PM
Hello Experts:
I need assistance setting up a site-to-site (STS) tunnel between a Cisco ASA and a SonicWall firewall. Phase 1 is up, but the local IPs NATted to public IPs over the STS tunnel are not communicating with each other. Take a look at the following config:
Cisco:
Gateway : 125.x.x.1
Local IP : 10.1.10.1, NATted to 125.x.x.24, which is added to the crypto traffic so that the remote network communicates using the public IP over the STS tunnel.
Sonicwall:
Gateway : 121.x.x.1
Local IP : 192.168.1.1, NATted to 121.x.x.24, which I also added in the network config, but the communication is not working.
Please advise whether communication is possible over the public IPs, as I have no problem if I use the local IPs.
Thanks
Labels: NGFW Firewalls
12-10-2014 05:13 AM
Hi Adley,
If you are doing one-to-one NAT to translate only 10.1.10.1 --> 125.X.X.24 and 192.168.1.1 --> 121.x.X.24, and not the whole subnet, you can do it on both sides. However, if you do PAT, translating the whole subnet to one IP on both ends, that will be port-based communication, and then how do you know which port number a given host is using at the moment? You are not going to be doing --> show xlate | inc <Internal IP address>.
What I can recommend, if you are doing PAT translation for a whole subnet and not just one host, is to PAT one side and leave the other side using its private IP addresses for the interesting traffic, for example:
Cisco:
access-list VPN permit ip host 125.x.x.24 192.168.1.0 255.255.255.0
SonicWall:
You have the GUI, and you can define the destination as the IP address --> 125.X.X.24 and your source as 192.168.1.0/24.
-------------------------------------------------------------------------------------------------------------------------------
Please attach the following output:
- show crypto isakmp sa
- show crypto ipsec sa
- show run crypto map
- show access-list <ACL under the crypto map>
Let me know how it works out!
Please don't forget to rate and mark as correct the helpful Post!
Regards,
David Castro,
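As an added example, not part of the original thread or of David's reply, here is what the recommended design looks like written out on the Cisco ASA side: a one-to-one policy (twice) NAT that presents 10.1.10.1 as 125.x.x.24 only toward the SonicWall LAN, with the crypto ACL written against the translated address, plus the matching SonicWall policy and the checks to run. It assumes ASA 8.4+ syntax, interfaces named inside/outside, the object names, the crypto map name OUTSIDE_MAP with sequence 10, the transform-set name ESP-AES256-SHA, and 121.x.x.1 as the IKE peer; the masked octets must be replaced with real addresses. The Phase 1 policy and pre-shared key are omitted because the post says Phase 1 is already up.

```cisco
! ---- Cisco ASA side (ASA 8.4+ syntax; object, map and peer names are assumptions) ----
object network LOCAL_HOST
 host 10.1.10.1
object network LOCAL_HOST_PUBLIC
 host 125.x.x.24
object network SONICWALL_LAN
 subnet 192.168.1.0 255.255.255.0
!
! One-to-one policy NAT: 10.1.10.1 is seen as 125.x.x.24 only when it talks to the
! SonicWall LAN; the destination is left untranslated. no-proxy-arp stops the ASA from
! answering ARP for 125.x.x.24 on the outside, and route-lookup makes it pick the
! egress interface from the routing table rather than from the NAT rule.
nat (inside,outside) source static LOCAL_HOST LOCAL_HOST_PUBLIC destination static SONICWALL_LAN SONICWALL_LAN no-proxy-arp route-lookup
!
! Crypto ACL: on the ASA, outbound traffic is NATted before it is matched against the
! crypto map, so the interesting traffic must use the POST-NAT source (125.x.x.24),
! not 10.1.10.1. The remote side stays private, as the reply above recommends.
access-list VPN extended permit ip host 125.x.x.24 192.168.1.0 255.255.255.0
!
! Attach the ACL to the existing crypto map entry for the SonicWall peer.
crypto map OUTSIDE_MAP 10 match address VPN
crypto map OUTSIDE_MAP 10 set peer 121.x.x.1
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
!
! ---- SonicWall side (GUI VPN policy; must mirror the ASA's crypto ACL exactly) ----
! Local Network : 192.168.1.0/24  (private, no NAT applied on this tunnel)
! Remote Network: host 125.x.x.24
! Do NOT translate 192.168.1.0/24 to 121.x.x.24 for this policy: the ASA would then
! receive a source of 121.x.x.24, which matches nothing in the crypto ACL, and the
! Phase 2 proxy IDs would never agree.
!
! ---- Verification on the ASA ----
! Simulate a flow from the real host; both the NAT and VPN phases should report ALLOW,
! and the VPN phase should be evaluated on the translated source 125.x.x.24:
!   packet-tracer input inside tcp 10.1.10.1 12345 192.168.1.1 80
! After sending traffic, the Phase 2 SA should carry the translated identities and
! non-zero encap/decap counters:
!   show crypto ipsec sa | include ident|#pkts
!   local ident (addr/mask/prot/port): (125.x.x.24/255.255.255.255/0/0)
!   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
```

The practical rule this encodes is that each side's VPN selectors describe what the peer will actually see on the wire after NAT: the ASA advertises 125.x.x.24 because that is the source it emits, and the SonicWall advertises 192.168.1.0/24 untranslated. If the SonicWall also PATs its LAN to 121.x.x.24, the proxy IDs stop matching and Phase 2 fails even though Phase 1 stays up, which is the symptom in the original post.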
