We're trying to set up a point-to-point VPN between a SonicWall Pro 2040 with SonicOS Enhanced 4.0.0.2-51e and a Cisco router with firewall/VPN services on the other end.
Our LAN IP network is 192.168.10.0/24
The main problem is that the remote end also has the 192.168.10.0/24 network in their internal routing table so we're overlapping.
What we wanted to do was NAT the local endpoint to an address that's outside the 192.168.10.x range. We had picked 172.19.2.1 as the address to NAT on the VPN Advanced Policies tab and we enabled the "Apply NAT Policies" and chose the NAT address.
The VPN tunnel established just fine and they can ping 172.19.2.1 from their end, but pings or any traffic from our end goes out through 172.19.2.1 (verified via packet capture) and never comes back in.
I'm sure I'm missing one step somewhere that will enable this to work... but I'm at a loss. The last step we're prepared to do is renumber our internal network... I obviously don't want to go through that if possible.
So here are the Address Objects:
Remote_Network - 172.19.0.0/255.255.255.0 - Network - VPN
Local_NAT_Address - 172.19.2.1/255.255.255.255 - Host - LAN
Address Group: Remote_Addresses which contains Remote_Network
VPN Config
Name: Remote VPN
IPSec Primary Gateway: y.y.136.131
IKE Auth:
Local IKE ID: x.x.87.2
Remote IKE ID: y.y.136.131
Local Networks:
Choose Local network from list: LAN Subnets
Destination Networks:
Choose destination network from list: Remote_Addresses
Advanced:
x Enable Keep Alive
x Apply NAT Policies
Translated Local Network: Local_NAT_Address
Translated Remote Network: Remote_Addresses
Default LAN Gateway: 0.0.0.0
VPN Policy Bound to: Zone WAN
I look in the NAT Policies and the Firewall rules and it looks like all the settings are correct.
Can anyone point me in the right direction without requiring me to renumber our entire internal network?
Thanks!
Andrew G. Hargreave, III (giac.org GSEC)
(email) agh3@agh3.com
(web)
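As an added check that is not part of the original post: a small Python script that models the address objects listed above with the standard ipaddress module, reports where the local, remote and translated networks overlap, and shows which prefix the peer has to select into the tunnel for replies. The explicit LAN_Subnets object and the REMOTE_INTERNAL value are assumptions taken from the prose, not objects the poster listed.

```python
import ipaddress

# Constructed sample modelled on the address objects in the post; the
# peer's own internal subnet is taken from the prose, not from an object.
ADDRESS_OBJECTS = """
Remote_Network - 172.19.0.0/255.255.255.0 - Network - VPN
Local_NAT_Address - 172.19.2.1/255.255.255.255 - Host - LAN
LAN_Subnets - 192.168.10.0/255.255.255.0 - Network - LAN
"""
REMOTE_INTERNAL = "192.168.10.0/24"  # assumed: what the peer routes internally


def parse_address_objects(text):
    """Parse 'Name - address/mask - Type - Zone' lines into ip_network objects."""
    objs = {}
    for line in text.strip().splitlines():
        name, cidr, _kind, _zone = [p.strip() for p in line.split(" - ")]
        # SonicOS shows dotted masks; ip_network accepts them directly.
        objs[name] = ipaddress.ip_network(cidr, strict=False)
    return objs


def check_nat_over_vpn(objs, local, remote, translated_local, remote_internal):
    """Report address conflicts for one site-to-site policy that NATs its local side."""
    lan = objs[local]
    far = objs[remote]
    nat = objs[translated_local]
    peer_lan = ipaddress.ip_network(remote_internal)
    return {
        # The original problem: the same subnet on both ends of the tunnel.
        "local_overlaps_remote_internal": lan.overlaps(peer_lan),
        # The translated address must lie outside every subnet in play,
        # otherwise packets to it are routed locally instead of into the tunnel.
        "nat_overlaps_local": nat.overlaps(lan),
        "nat_overlaps_remote_internal": nat.overlaps(peer_lan),
        "nat_overlaps_remote_network": nat.overlaps(far),
        # Replies are addressed to the translated prefix, so the peer's
        # traffic selector and routing have to cover exactly this network.
        "peer_return_selector": nat,
    }


def run_check():
    objs = parse_address_objects(ADDRESS_OBJECTS)
    return check_nat_over_vpn(objs, "LAN_Subnets", "Remote_Network",
                              "Local_NAT_Address", REMOTE_INTERNAL)


if __name__ == "__main__":
    for key, value in run_check().items():
        print(f"{key}: {value}")
```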