Problem with S2S VPN b/w Cisco ASA 5540 and DELL SONICWALL NSA 240

zeeshanali1
Level 1

Guys... Need Help here with a Problem.


I have a Cisco ASA 5540 and am trying to make an IPSEC Site-2-Site VPN with a client (their device is a DELL SONICWALL NSA 240).


ALL parameters of Phase I and II are exactly matching ..... I have tried many possibilities but somehow Phase II is NOT coming UP. I have checked it on different forums and found that I am NOT the only one who is facing this problem with these two devices, but couldn't find a solution to this problem.


One Anomaly .... The Public leg of my ASA is behind a NAT Public IP but somehow on the DELL SONICWALL NSA 240 firewall ..... my NAT (Live IP) and the actual private IP of my ASA public leg are shown in the Logs.

Quick help would be much appreciated.

1 Reply

zeeshanali1
Level 1

Finally the testing is successful on Sonicwall NSA 240 as well with Cisco ASA. Actually somehow the Sonicwall firewall was discovering my VPN Box's Public leg (Private IP (10.10.50.10)) as well, which was behind a Live Peer IP (203.124.x.x). As per security policies it shouldn't have been discovered on the remote end. I will bring this to Cisco TAC's notice.


Logs of Sonicwall were showing ASA local ike id as "203.124.x.x" & ASA Remote ike id "10.10.50.10".


Sonicwall sets these two parameters with PSK (local ike id & remote ike id). This is other than setting the Peer IP. I asked my client to add my ASA actual and NAT IP in these two parameters and the VPN got UP.
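
Added example, not part of the original thread and not Cisco's or SonicWall's code: a simplified Python model of the check the reply describes, where a peer compares the identity carried in the IKE Identification payload with the IKE ID it has configured for that tunnel. It assumes IKEv1 (suggested by the thread's Phase I/II wording) and already-decrypted payload bytes; the function names are hypothetical, and 203.0.113.10 is a documentation-range placeholder for the elided 203.124.x.x.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN = 1, 2, 3


def parse_id_payload(payload: bytes):
    """Parse an IKEv1 Identification payload (RFC 2408, 3.8) into (id_type, value)."""
    if len(payload) < 8:
        raise ValueError("identification payload shorter than its 8-byte header")
    # next payload, reserved, payload length, ID type, protocol ID, port
    _next, _rsvd, length, id_type, _proto, _port = struct.unpack("!BBHBBH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError("payload length field does not match the data")
    data = payload[8:length]
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry exactly 4 bytes")
        return id_type, str(ipaddress.IPv4Address(data))
    if id_type in (ID_FQDN, ID_USER_FQDN):
        return id_type, data.decode("ascii")
    raise ValueError(f"unhandled ID type {id_type}")


def check_peer_id(payload: bytes, packet_src: str, expected_id: str):
    """Model of a responder that pins the peer's IKE ID: returns (accepted, note)."""
    _id_type, value = parse_id_payload(payload)
    if value == expected_id:
        return True, f"ID {value} matches configured peer IKE ID"
    if value != packet_src:
        # The identity is not the address the packet arrived from: NAT in the path.
        return False, f"ID {value} differs from packet source {packet_src}: initiator is likely behind NAT"
    return False, f"ID {value} does not match configured peer IKE ID {expected_id}"


def build_ipv4_id(addr: str) -> bytes:
    """Construct a sample Identification payload carrying an IPv4 address."""
    header = struct.pack("!BBHBBH", 0, 0, 12, ID_IPV4_ADDR, 0, 0)
    return header + ipaddress.IPv4Address(addr).packed


# Constructed sample data: the initiator identifies itself by its private address.
SAMPLE = build_ipv4_id("10.10.50.10")
PUBLIC = "203.0.113.10"  # placeholder for the NAT address seen by the remote end

if __name__ == "__main__":
    print(check_peer_id(SAMPLE, PUBLIC, PUBLIC))         # ID pinned to the NAT address
    print(check_peer_id(SAMPLE, PUBLIC, "10.10.50.10"))  # ID pinned to the real address
```
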