
UC500 (UC540) site to site VPN Sonicwall

cisco
Level 1

I can get the tunnel to come up successfully if I initiate traffic from the SonicWall side; all looks good other than that packets are not routing through the tunnel. If I attempt to tracert through to the remote LAN subnet from the Cisco, it tries sending the packets through the default GW out to the internet. I thought the ACL deny IP statements are supposed to resolve this. Anyway, I'm at a loss at this point. Below is the modified config I have added to the default/standard config:

------------------------------------------------------------------------------------------

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 1
lifetime 3600

crypto isakmp key cisco123 address x.x.x.x
!
!
crypto ipsec transform-set VPNSET esp-3des esp-md5-hmac
!
crypto map VPNMAP 10 ipsec-isakmp
set peer x.x.x.x
set transform-set VPNSET
match address 150

access-list 150 permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 105 deny   ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 105 deny   ip 10.1.0.0 0.0.255.255 192.168.100.0 0.0.0.255
access-list 104 permit ip host x.x.x.x any

 
interface FastEthernet0/0
crypto map VPNMAP

-------------------------------------------------------------------------------------------

Thanks in advance for any advice/input.

1 Reply

davidcook1
Level 1

Fixed it....

Just needed to get the access-list 105 deny rules at the top or above the NAT rule in the 105 access-list...
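
Why the reordering in the reply matters, shown as an added example that is not part of either post: IOS ACLs are first-match, and inside-to-outside NAT runs before the crypto map check, so a deny entry sitting below the NAT permit never fires and the translated source no longer matches ACL 150. The `permit ... any` entry, the public address and the host addresses are assumptions constructed for illustration, since the thread does not show the rest of ACL 105.

```python
import ipaddress

def _spec(fields):
    """Consume one IOS address spec; return ((base, wildcard), remaining tokens)."""
    if fields[0] == "any":
        return (0, 0xFFFFFFFF), fields[1:]
    if fields[0] == "host":
        return (int(ipaddress.IPv4Address(fields[1])), 0), fields[2:]
    base, wild = (int(ipaddress.IPv4Address(f)) for f in fields[:2])
    return (base, wild), fields[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src, dst)."""
    tok = line.split()
    src, rest = _spec(tok[4:])
    dst, _ = _spec(rest)
    return tok[2], src, dst

def _hit(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def first_match(acl, src, dst):
    """Action of the first ACE matching src/dst; implicit deny if none does."""
    for line in acl:
        action, s, d = parse_ace(line)
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

DENY_LAN = "access-list 105 deny   ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255"
PERMIT_NAT = "access-list 105 permit ip 192.168.10.0 0.0.0.255 any"  # assumed, not in the thread
CRYPTO_ACL = ["access-list 150 permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255"]

BROKEN_ORDER = [PERMIT_NAT, DENY_LAN]  # deny entry below the NAT permit
FIXED_ORDER = [DENY_LAN, PERMIT_NAT]   # deny entry moved above it

def fate(nat_acl, src, dst, public_ip="203.0.113.10"):  # public_ip is constructed
    """Apply the NAT ACL first, then the crypto ACL, as IOS does outbound."""
    natted = first_match(nat_acl, src, dst) == "permit"
    wire_src = public_ip if natted else src
    if first_match(CRYPTO_ACL, wire_src, dst) == "permit":
        return "encrypted into tunnel"
    return "cleartext to default gateway" + (" (NATed)" if natted else "")

if __name__ == "__main__":
    for name, acl in (("deny below permit", BROKEN_ORDER), ("deny above permit", FIXED_ORDER)):
        print(name, "->", fate(acl, "192.168.10.20", "192.168.100.5"))
```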