
Tunnel between ASA 5520 and Sonicwall Firewall.

biju_jacob
Level 1

We need to establish a tunnel between an ASA 5520 and a Sonicwall firewall. The network is:

LAN -- ASA -- Core L2 -- BGP Router -- ADSL Router -- Sonicwall FW -- LAN

The tunnel is not getting established. I am attaching the Tech Report, Debug outputs.

The pre-shared keys on both sides match; 3DES and SHA1 are configured on the Sonicwall.

Can someone guide me as to how to troubleshoot and bring the tunnels up? I need to shift 15 tunnels to the ASA from a PIX and 2 other firewalls.


shijogeorge
Level 1

Hi Biju,

Please try changing the tunnel-group configurations as follows:

tunnel-group 59.144.1.25 type ipsec-l2l
tunnel-group 59.144.1.25 ipsec-attributes
 pre-shared-key *

HTH

Regards,

Shijo George.

Hi Shijo,

I will test it and inform.

Thanks

Regards

Biju Jacob

Hi Shijo,

Tried using Peer IP without any change in status.

ZapAppCore-Fw1# sh crypto ipsec stats

IPsec Global Statistics
-----------------------
Active tunnels: 0
Previous tunnels: 0
Inbound
Bytes: 0
Decompressed bytes: 0
Packets: 0
Dropped packets: 0
Replay failures: 0
Authentications: 0
Authentication failures: 0
Decryptions: 0
Decryption failures: 0
Outbound
Bytes: 0
Uncompressed bytes: 0
Packets: 0
Dropped packets: 0
Authentications: 0
Authentication failures: 0
Encryptions: 0
Encryption failures: 0
Protocol failures: 0
Missing SA failures: 0
System capacity failures: 0

ZapAppCore-Fw1# sh crypto ipsec sa

There are no ipsec sas

ZapAppCore-Fw1# ping 59.144.1.25

Sending 5, 100-byte ICMP Echos to 59.144.1.25, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

ZapAppCore-Fw1# sh crypto isakmp sa

There are no isakmp sas

Biju Jacob
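
Added example, not part of the original thread and not Cisco tooling: a small Python triage of the `show` and `ping` outputs posted above that reports, lowest layer first, how far tunnel negotiation got. The function names and the condensed sample capture are assumptions, and the parsing matches only the output lines that appear in this thread.

```python
import re

# Constructed sample: condensed from the outputs posted in the thread above.
SAMPLE = """\
ZapAppCore-Fw1# sh crypto ipsec sa
There are no ipsec sas
ZapAppCore-Fw1# ping 59.144.1.25
Sending 5, 100-byte ICMP Echos to 59.144.1.25, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ZapAppCore-Fw1# sh crypto isakmp sa
There are no isakmp sas
"""

def split_commands(capture):
    """Map each command typed at a 'hostname# ' prompt to its output lines."""
    sections, current = {}, None
    for line in capture.splitlines():
        m = re.match(r"^\S+# (.+)$", line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections

def triage(capture):
    """Return findings ordered from reachability up to Phase 2."""
    findings = []
    for cmd, out in split_commands(capture).items():
        text = "\n".join(out).lower()
        if cmd.startswith("ping"):
            m = re.search(r"success rate is (\d+) percent", text)
            if m and int(m.group(1)) == 0:
                findings.append((0, f"no ICMP reply from {cmd.split()[-1]}; "
                                    "the peer may filter ping, so confirm the path another way"))
        elif "isakmp sa" in cmd and "no isakmp sas" in text:
            findings.append((1, "Phase 1: no ISAKMP SA present; check peer address, "
                                "proposals, pre-shared key and NAT settings on both ends"))
        elif "ipsec sa" in cmd and "no ipsec sas" in text:
            findings.append((2, "Phase 2: no IPsec SA; expected while Phase 1 is down"))
    return [msg for _, msg in sorted(findings)]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Run against a saved console capture, it shows that the empty IPsec SA table is a consequence of Phase 1 never completing, so the IKE settings and the path to the peer are the place to look first.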

Hi Guys,

We managed to solve the problem. NAT-R was enabled on the far-end Sonicwall, and once we disabled it the tunnels came up fine.

The other problem we were facing was creating multiple VPNs to a single peer, which was not happening with 7.0(1). We opened a case with TAC with no results, when we found that this is a bug in the OS which has been rectified in 7.0(3.10), which unfortunately was not pointed out by the TAC guy. So off we go to see if the new OS would solve the problems. Thanks to everyone who tried helping.