I still have not got this going. I have removed all of my attempts to create this from my PIX. My current config is below. I need the commands to be able to add the VPN from my PIX to the SonicWall without disturbing the remote clients using AES-256. Please help me...
Thanks so much for your help. Below is my config.
: Saved
:
PIX Version 7.0(4)
!
hostname pixfirewall
domain-name default.domain
enable password /r9ayOm.CUP8NGkt encrypted
names
name 192.168.100.0 REMOTE_USERS
name 162.40.148.0 WAN
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 162.40.148.2 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
 nameif inside2
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
same-security-traffic permit intra-interface
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 102 extended permit ip any any
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 any
access-list 102 extended permit ip any 192.168.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any REMOTE_USERS 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 172.20.1.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 103 extended permit ip 192.168.0.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 103 extended permit ip 192.168.254.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list 105 standard permit 192.168.1.0 255.255.255.0
access-list 105 standard permit 192.168.0.0 255.255.255.0
access-list Local_Net_Access remark Cisco VPN CLient LAN and Internet
access-list Local_Net_Access extended permit ip host 0.0.0.0 any
access-list Local_Net_Access extended permit ip 192.168.0.0 255.255.255.0 REMOTE_USERS 255.255.255.0
access-list Local_Net_Access extended permit ip REMOTE_USERS 255.255.255.0 192.168.0.0 255.255.255.0
access-list Local_Net_Access extended permit ip 192.168.1.0 255.255.255.0 REMOTE_USERS 255.255.255.0
!
http-map test
 strict-http action allow log
!
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside2 1500
ip local pool vpnpool1 192.168.100.1-192.168.100.254
ip verify reverse-path interface outside
no failover
icmp permit any echo-reply inside
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside2) 0 access-list inside_nat0_outbound
nat (inside2) 1 192.168.0.0 255.255.255.0
nat (inside2) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 162.40.148.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy mountainbilling internal
group-policy mountainbilling attributes
 wins-server value 192.168.0.2
 dns-server value 166.102.165.11 166.102.165.13
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Local_Net_Access
 default-domain value mbs.local
username carliec password EvbQe/38Gti78PcE encrypted
username carliec attributes
 vpn-group-policy mountainbilling
username olivia password Gez/.ytTF/NK2Y5g encrypted
username olivia attributes
 vpn-group-policy mountainbilling
username lynn password Se6Tm5tmC/iz5.3A encrypted
username lynn attributes
 vpn-group-policy mountainbilling
username tabitha password iSYWFXU/XxnsXk74 encrypted
username tabitha attributes
 vpn-group-policy mountainbilling
username drburns password zFc.dZYSwtcSxJad encrypted
username drburns attributes
 vpn-group-policy mountainbilling
username betty password MY3n/ZbD1xCQPZSb encrypted
username betty attributes
 vpn-group-policy mountainbilling
username aysheas password abBprDilQitwcIkK encrypted
username aysheas attributes
 vpn-group-policy mountainbilling
username murad password 5nJBFqc7.h/2YWpi encrypted
username murad attributes
 vpn-group-policy mountainbilling
username jasonsandlin password k.PuGHO2ZA3wsWZ8 encrypted
username marybeth password vvYs88JD88FlDRZm encrypted
username marybeth attributes
 vpn-group-policy mountainbilling
username lavernac password Vv5HLQIKYN6C0/9u encrypted
username lavernac attributes
 vpn-group-policy mountainbilling
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside2
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto dynamic-map map2 30 set transform-set trmset1
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map map1 65535 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto map maptosw 67 set peer 12.169.45.12
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
tunnel-group mountainbilling type ipsec-ra
tunnel-group mountainbilling general-attributes
 address-pool vpnpool1
 default-group-policy mountainbilling
tunnel-group mountainbilling ipsec-attributes
 pre-shared-key *
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.0.2 255.255.255.255 inside2
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
tftp-server inside 192.168.1.2 \\backup
Cryptochecksum:0f3ff9873ea2f870c999f655ad0f48b6
: end
pixfirewall#