PIX-to-sonicwall vpn...

I am trying to set up a site-to-site VPN from my PIX515E to a Sonicwall router. I have the configuration for the Sonicwall. I am following the online samples from Cisco and Sonicwall to get this done. The problem is that when I set the encryption to 3DES on the outside interface for this connection, all of my remote users that use the Cisco client are disconnected. I have the remote users set up for AES-256 encryption. Will I have to use the same for the L2L VPN, or can I use one type for each?

Thanks Jason

Reply to
jsandlin

Hi Jason,

You may also want to investigate the SonicWALL Forum: [link], as well as [link].

Sincerely,

Brad Reese
BradReese.Com - Cisco Repair
[link]
Hendersonville Road, Suite 17, Asheville, North Carolina 28803
USA & Canada: 877-549-2680  International: 828-277-7272  Fax: 775-254-3558  AIM: R2MGrant
BradReese.Com - Cisco Power Supply Headquarters
[link]

Reply to
www.BradReese.Com

You can create several different transform-sets and then list several of them on the transform-set clause of the crypto-map entry. Also, each different crypto-map policy within a map (that is, same name but different number) may use a different transform-set clause.

You might also have some isakmp policies. If so, then create one for each of the transform sets you would like to be able to use. The lowest-numbered policy will be the one preferred for sending out data, if the other end supports that policy. (In turn, the other end sends the PIX a list of policies that -it- would like to use, and the PIX gives it the go-ahead to use the first one on -that- list that is supported by one of your isakmp policies... even if it happens to be the policy you favour the least. The devices do not negotiate to try to use the same policy in both directions.)

Reply to
Walter Roberson

I still have not got this going. I have removed all of my attempts to create this from my pix. My current config is below. I need the commands to be able to add the vpn from my pix to the sonicwall without disturbing the remote clients using aes-256. Please help me.....

Thanks so much for your help. Below is my config.

: Saved
:
PIX Version 7.0(4)
!
hostname pixfirewall
domain-name default.domain
enable password /r9ayOm.CUP8NGkt encrypted
names
name 192.168.100.0 REMOTE_USERS
name 162.40.148.0 WAN
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 162.40.148.2 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
 nameif inside2
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
same-security-traffic permit intra-interface
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 102 extended permit ip any any
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 any
access-list 102 extended permit ip any 192.168.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any REMOTE_USERS 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 172.20.1.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 103 extended permit ip 192.168.0.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 103 extended permit ip 192.168.254.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 105 standard permit 192.168.1.0 255.255.255.0
access-list 105 standard permit 192.168.0.0 255.255.255.0
access-list Local_Net_Access remark Cisco VPN CLient LAN and Internet
access-list Local_Net_Access extended permit ip host 0.0.0.0 any
access-list Local_Net_Access extended permit ip 192.168.0.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list Local_Net_Access extended permit ip REMOTE_USERS 255.255.255.0 192.168.0.0 255.255.255.0
access-list Local_Net_Access extended permit ip 192.168.1.0 255.255.255.0 REMOTE_USERS 255.255.255.0
!
http-map test
 strict-http action allow log
!
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside2 1500
ip local pool vpnpool1 192.168.100.1-192.168.100.254
ip verify reverse-path interface outside
no failover
icmp permit any echo-reply inside
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside2) 0 access-list inside_nat0_outbound
nat (inside2) 1 192.168.0.0 255.255.255.0
nat (inside2) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 162.40.148.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy mountainbilling internal
group-policy mountainbilling attributes
 wins-server value 192.168.0.2
 dns-server value 166.102.165.11 166.102.165.13
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Local_Net_Access
 default-domain value mbs.local
username carliec password EvbQe/38Gti78PcE encrypted
username carliec attributes
 vpn-group-policy mountainbilling
username olivia password Gez/.ytTF/NK2Y5g encrypted
username olivia attributes
 vpn-group-policy mountainbilling
username lynn password Se6Tm5tmC/iz5.3A encrypted
username lynn attributes
 vpn-group-policy mountainbilling
username tabitha password iSYWFXU/XxnsXk74 encrypted
username tabitha attributes
 vpn-group-policy mountainbilling
username drburns password zFc.dZYSwtcSxJad encrypted
username drburns attributes
 vpn-group-policy mountainbilling
username betty password MY3n/ZbD1xCQPZSb encrypted
username betty attributes
 vpn-group-policy mountainbilling
username aysheas password abBprDilQitwcIkK encrypted
username aysheas attributes
 vpn-group-policy mountainbilling
username murad password 5nJBFqc7.h/2YWpi encrypted
username murad attributes
 vpn-group-policy mountainbilling
username jasonsandlin password k.PuGHO2ZA3wsWZ8 encrypted
username marybeth password vvYs88JD88FlDRZm encrypted
username marybeth attributes
 vpn-group-policy mountainbilling
username lavernac password Vv5HLQIKYN6C0/9u encrypted
username lavernac attributes
 vpn-group-policy mountainbilling
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside2
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto dynamic-map map2 30 set transform-set trmset1
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map map1 65535 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto map maptosw 67 set peer 12.169.45.12
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
tunnel-group mountainbilling type ipsec-ra
tunnel-group mountainbilling general-attributes
 address-pool vpnpool1
 default-group-policy mountainbilling
tunnel-group mountainbilling ipsec-attributes
 pre-shared-key *
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.0.2 255.255.255.255 inside2
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
tftp-server inside 192.168.1.2 \\backup
Cryptochecksum:0f3ff9873ea2f870c999f655ad0f48b6
: end

pixfirewall#

Reply to
jsandlin

btw:

The new connection will need the following connection details....

Name - MAIN-HZDBILLING
Shared secret - xxxxxx
Exchange - Main Mode
DH Group - Group 2
Encryption - 3DES
Authentication - SHA1
Lifetime - 28800
Protocol - ESP

Sonicwall Local IP Scheme - 172.20.1.0/24
Sonicwall WAN IP - 12.169.xx.xxx

Thanks again

Jason

Reply to
jsandlin
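Editor's note: the following is an added example, not code posted by anyone in this thread. It applies Walter Roberson's advice above (a separate isakmp policy and transform set per peer type) to the SonicWALL parameters Jason listed, layered on top of the PIX 7.0(4) config he posted. What it assumes: the peer address 12.169.45.12 is taken from the `crypto map maptosw 67 set peer` line in the posted config (the later post masks it as 12.169.xx.xxx); the policy number 20, map sequence 20, transform-set name `trmset3des` and ACL name `outside_cryptomap_20` are illustrative; `ASSUMED_SHARED_SECRET` stands for the real key; and the single "Lifetime - 28800" on the SonicWALL side is treated as applying to both IKE phases (if it is only the Phase 2 lifetime, the mismatch on Phase 1 is harmless, since the PIX settles on the shorter of the two proposed ISAKMP lifetimes).

```cisco
! Added example (not from the thread). Names marked ASSUMED are illustrative.
!
! Phase 1: a SECOND ISAKMP policy carrying the SonicWALL's parameters
! (3DES / SHA1 / DH group 2 / pre-shared key). Policy 10 (AES-256) is left
! exactly as posted, so the Cisco VPN Client users keep negotiating with it.
! Replacing policy 10 with 3DES is what knocks the AES-256 clients off.
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
!
! Phase 2: a SECOND transform set for the LAN-to-LAN tunnel (name ASSUMED).
! trmset1 (esp-aes-256 esp-sha-hmac) stays on dynamic-map map2 for the clients.
crypto ipsec transform-set trmset3des esp-3des esp-sha-hmac
!
! Interesting traffic: both inside LANs to the SonicWALL LAN 172.20.1.0/24
! (ACL name ASSUMED). The posted inside_nat0_outbound already exempts
! "any -> 172.20.1.0 255.255.255.0" from NAT, so no new nat 0 entry is needed.
access-list outside_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 172.20.1.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.0.0 255.255.255.0 172.20.1.0 255.255.255.0
!
! Static crypto map entry. It must be added to map1, the map that is already
! bound to the outside interface (only one crypto map can be applied per
! interface; a separate map such as maptosw is never consulted), and its
! sequence number must be lower than the dynamic catch-all entry 65535.
crypto map map1 20 match address outside_cryptomap_20
crypto map map1 20 set peer 12.169.45.12
crypto map map1 20 set transform-set trmset3des
crypto map map1 20 set security-association lifetime seconds 28800
!
! PIX 7.x keys a LAN-to-LAN peer by a tunnel-group named after its IP address.
tunnel-group 12.169.45.12 type ipsec-l2l
tunnel-group 12.169.45.12 ipsec-attributes
 pre-shared-key ASSUMED_SHARED_SECRET
!
! Checks, after sending traffic from an inside host toward 172.20.1.0/24:
!   show isakmp sa        -> an IKE SA with 12.169.45.12 alongside the client SAs
!   show crypto ipsec sa  -> pkts encaps/decaps increasing for peer 12.169.45.12
```

How this plays out under the selection rule Walter describes: the SonicWALL proposes only 3DES/SHA1/group 2, so the only local policy it can match is 20; the Cisco client proposes AES-256 first, which matches policy 10 before policy 20 is ever considered, so the clients are unaffected by the new policy. The existing `crypto map maptosw 67 set peer 12.169.45.12` line does nothing because `maptosw` is not applied to any interface; it can be left or cleaned up once the entry in `map1` is working. Two things in the posted config that are unrelated to the tunnel but worth fixing while there: `snmp-server community public` and the Telnet management access on the inside interfaces should be replaced with a non-default community string and SSH.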

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.