Problems with SonicWALL to PIX VPN establishment (two)

ramiro · ‎04-04-2003

Ok!, here I send the configuration in both sides of the VPN:

PIX Firewall

access-list 20 permit tcp host <remote public IP> host <local public IP> eq telnet

access-list vpn-name permit ip host <local public IP> host <remote public IP>

crypto ipsec transform-set strong esp-des esp-md5-hmac

crypto map NAME 3 ipsec-isakmp

crypto map NAME 3 match address vpn-name

crypto map NAME 3 set peer <remote peer>

crypto map NAME 3 set transform-set strong

crypto map NAME 3 set security-association lifetime seconds 86400

crypto map NAME interface outside

isakmp enable outside

isakmp key ######## address <remote peer> netmask 255.255.255.255

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400

SonicWALL

Security Association: NAME

IPSec Keying Mode: IKE using Preshared Secret

Name: NAME

IPSec Gateway Address: <remote peer - PIX Firewall>

Phase 1 DH Group: Group 1

SA Life time (secs): 86000

Phase 1 Encryp/Auth.: DES & MD5

Phase 2 Encryp/Auth.: Encrypt for CheckPoint (ESP DES HMAC MD5)

Shared Secret: ###########

Specify destination networks below

Network: Subnet Mask:

x.x.x.x 255.255.255.0

Thanks again!

R.a.M.

afakhan · ‎04-04-2003

Hi,

I think your crypto ACL(vpn-name) is not correct, make sure its completely symmetrical on the two sides.

Symptoms in above case would be, proxy ids not supported.

Thx

Afaq