Options
SONICFAIL and Cisco PIX vpn troubles
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
in Off-Topic
Ok so I have a problems.
I am replacing a PIX 506e at one of our remote sites with a Sonicwall TZ210. Configuring it wasn't that difficult but now I am having a very interesting issue. I have a site to site VPN tunnel to a PIX 515 that is at our corporate office. The VPN tunnel turns up (as in I can actually see the tunnel show up on Sonicwall side and the Cisco side) but no traffic will pass. I called Sonicwall support whose only answer is "it is on the Cisco side). I explained to them that plugging the PIX 506e works fine. Has anyone seen any issues like this?
I am replacing a PIX 506e at one of our remote sites with a Sonicwall TZ210. Configuring it wasn't that difficult but now I am having a very interesting issue. I have a site to site VPN tunnel to a PIX 515 that is at our corporate office. The VPN tunnel turns up (as in I can actually see the tunnel show up on Sonicwall side and the Cisco side) but no traffic will pass. I called Sonicwall support whose only answer is "it is on the Cisco side). I explained to them that plugging the PIX 506e works fine. Has anyone seen any issues like this?
Comments
-
Options
QHalo
Member Posts: 1,488
I quickly found this. I'm guessing you've looked it over or maybe you haven't. Either way I hope it helps.
VPN Between Sonicwall Products and Cisco Security Appliance Configuration Example - Cisco Systems -
Options
it_consultant
Member Posts: 1,903
I have not seen this with a sonicwall but I have seen this with WG and Cisco VPNs. WG has a whole tech article on how to make VPNs between those two devices work correctly.
I had a problem with a Cisco and a Checkpoint, turned out the techs on the other side (China) had problems understanding English and were just trying out different things until they got the tunnel up. Guess I can't blame that on the manufacturer. -
OptionsBl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
I quickly found this. I'm guessing you've looked it over or maybe you haven't. Either way I hope it helps.
VPN Between Sonicwall Products and Cisco Security Appliance Configuration Example - Cisco Systems
That was the document I was following. It seems pretty straight forward. -
OptionsBl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
did you try calling cisco?
The thing is everything works on the cisco side (if I plug in the old pix it works fine). Plus no TAC on the PIX
-
Options
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
Step 1:
Technically and logically this would be useless since it's just a display. -
Optionsphoeneous
Member Posts: 2,333 ■■■■■■■□□□
Bl8ckr0uter wrote: »***bump***
Can you monitor traffic to see where it is being dropped? For example, I just created a static nat for a voip box but cant hit the web interface from outside...021075: *Sep 22 20:12:41.273 Pacific: %FW-6-DROP_PKT: Dropping tcp session X.X.X.X:49262 X.X.X.X:80 on zone-pair outin class class-default due to DROP action found in policy-map with ip ident 0 021076: *Sep 22 20:13:23.061 Pacific: %FW-6-LOG_SUMMARY: 3 packets were dropped from X.X.X.X:49262 => X.X.X.X:80 (target:class)-(outin:class-default) 021077: *Sep 22 20:13:33.093 Pacific: %FW-6-DROP_PKT: Dropping tcp session X.X.X.X:49265 X.X.X.X:80 on zone-pair outin class class-default due to DROP action found in policy-map with ip ident 0 021078: *Sep 22 20:14:23.061 Pacific: %FW-6-LOG_SUMMARY: 3 packets were dropped from X.X.X.X:49265 => X.X.X.X:80 (target:class)-(outin:class-default) 021079: *Sep 22 20:14:24.237 Pacific: %FW-6-DROP_PKT: Dropping tcp session X.X.X.X:80 X.X.X.X:49288 on zone-pair outin class Inbound due to Invalid Segment with ip ident 0 021080: *Sep 22 20:15:25.933 Pacific: %FW-6-DROP_PKT: Dropping udp session X.X.X.X:3793 X.X.X.X:1434 on zone-pair outin class class-default due to DROP action found in policy-map with ip ident 0
-
Options[Deleted User]
Senior Member Posts: 0 ■■■■□□□□□□
Technically and logically this would be useless since it's just a display.
Haha you get the idea. I just understand his frustration, I've been there unfortunately not with something like this -
Options
L0gicB0mb508
Member Posts: 538
yeah...I think we had a discussion about Sonicwalls didn't we?I bring nothing useful to the table...
