Sonicwall and Cicso VPN

Am Mon, 23 Jul 2007 14:20:26 -0700 schrieb james:

Aggressive mode is genereally a bad idea (e.g PSK hash will be transmitted clear text). Which model do you have? On 4100 or 5600 you need to deal with the options for GlobalVPN Client, as far as I remember it's called GroupVPN. There are some documentations on the sonicwall website but I made the experience that the VPN implementations (especially x509 authentication) is a little crappy.

cheers

well we have home users using a voip phone. we want to set up the cisco 800 for some qos and have it vpn to the office sonciwall PRO-VX (smaller unit). i was under the impression we needed to use aggressive since home ip is dynamic.

i read somewhere that ciscos do not initiate aggresive mode vpns but can accpet - not sure if this is still true.

it all works with a static IP and main mode. but i need to get these to work from anyones house, with any random IP.

thanks for your help.

Am Tue, 24 Jul 2007 06:24:46 -0700 schrieb james:

nope

afaik not true

Your home users have an vpn client, this client connect to sonicwall, sonicwall has an vpn to cisco, am I right. For the home users with the vpn client and the dynamic IP's you need to configure GroupVPN, between cisco and sonicwall establish a site-to-site VPN, thats it. You also can run dhcp via ipsec, that means you define a pool (usually your local IPSec network) on the sonicwall. Thats the way it would work, has the sonicwall an dynamic or staic IP? In you decription above your clients are the guy's with thw dynamic IP, right.

cheers