
Pix 515E to Sonicwall VPN


mdc1973

Technical User
Jul 7, 2003
31
GB
Hi,

Need some guidance with a VPN between my PIX (7.1(2)) and a client's SonicWall. I used the ASDM to create the VPN; relevant parts of the config:

access-list outside_20_cryptomap extended permit ip 10.11.0.0 255.255.0.0 10.0.0.0 255.255.0.0
access-list dmz1_nat0_outbound extended permit ip 10.11.0.0 255.255.0.0 10.0.0.0 255.255.0.0

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set peer 83.x.x.x
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
tunnel-group 83.x.x.x type ipsec-l2l
tunnel-group 83.x.x.x ipsec-attributes
pre-shared-key *


Client has confirmed settings at his end are the same. Not having had much experience of VPNs on PIX (and no experience of SonicWall), are there any 'gotchas' I need to be aware of? The tunnel is not coming up, and I am seeing the following messages when debugging:

[IKEv1]: Group = 83.x.x.x, IP = 83.x.x.x, Removing peer from peer table failed, no match!
[IKEv1]: Group = 83.x.x.x, IP = 83.x.x.x, Error: Unable to remove PeerTblEntry
[IKEv1]: IP = 83.x.x.x, Received Invalid Cookie message for non-existent SA

Could be something painfully obvious, but advice would be appreciated.
 
Somewhere on the SonicWall website there is a series of whitepapers on site-to-site VPN between different products. I think they have a step-by-step on how to connect to PIX.

When I have a minute I will look for it.
 
Check the PFS setting on your PIX. I believe the SonicWall has perfect forward secrecy set for 3DES.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks for the replies, managed to get it sorted. Think the messages were a bit of a red herring; ultimately it was down to the PIX sending its hostname as "Identity to send to peer". Once I changed it to address, it was sorted...

A mistake I won't make again (and if we can't learn from them, then what's the use of making them??).
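The two gotchas this thread ends on (IKE identity sent as hostname rather than address, and a PFS setting that only one side has) are the kind of thing worth checking before trusting the debug output. Below is an added example, not code from the thread or from Cisco, of a small checker run over the poster's crypto-map lines plus an assumed `isakmp identity hostname` line; the peer settings dictionary, the peer address 83.0.0.1 and the sequence number argument are assumptions for illustration.

```python
# Constructed sample config: the crypto-map lines from the thread plus an
# assumed "isakmp identity hostname" line, the cause the poster found.
PIX_CONFIG = """\
access-list outside_20_cryptomap extended permit ip 10.11.0.0 255.255.0.0 10.0.0.0 255.255.0.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set peer 83.0.0.1
crypto map outside_map 20 set transform-set ESP-3DES-SHA
isakmp enable outside
isakmp identity hostname
tunnel-group 83.0.0.1 type ipsec-l2l
"""

# Assumed peer (SonicWall) phase-2 settings, transcribed by hand from its GUI.
PEER = {"pfs": True, "transforms": {"esp-3des", "esp-sha-hmac"}}


def check_l2l(config, peer, seq="20"):
    """Return a list of mismatches likely to keep an L2L tunnel from coming up."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    # 1. IKE identity: an ID of type hostname will not match a peer keyed on our IP.
    #    If the line is absent the default is left alone and nothing is flagged.
    for l in lines:
        if l.startswith("isakmp identity ") and l.split()[-1] != "address":
            findings.append(f"isakmp identity is '{l.split()[-1]}', peer expects address")

    # 2. Transform set named in the crypto-map entry vs. what it actually defines.
    entry = [l for l in lines if l.startswith("crypto map ") and f" {seq} " in l]
    ts_name = next((l.split()[-1] for l in entry if "set transform-set" in l), None)
    ts_def = next((l for l in lines if l.startswith(f"crypto ipsec transform-set {ts_name} ")), None)
    if ts_def is None:
        findings.append(f"transform-set {ts_name} referenced but not defined")
    elif set(ts_def.split()[4:]) != peer["transforms"]:
        findings.append(f"transform-set {ts_name} does not match peer's proposal")

    # 3. PFS: peer requires it but the crypto-map entry never sets a DH group.
    if peer["pfs"] and not any("set pfs" in l for l in entry):
        findings.append(f"peer requires PFS but crypto map entry {seq} has no 'set pfs'")

    # 4. The crypto ACL named by "match address" must exist.
    acl = next((l.split()[-1] for l in entry if "match address" in l), None)
    if acl and not any(l.startswith(f"access-list {acl} ") for l in lines):
        findings.append(f"crypto map matches {acl} but no such access-list exists")
    return findings


if __name__ == "__main__":
    for f in check_l2l(PIX_CONFIG, PEER):
        print("MISMATCH:", f)
```

On the sample above it reports the identity and the PFS mismatches and nothing else; with the identity changed to address and PFS disabled on the peer it reports nothing.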
 