Cisco ASA 5505 to SonicWALL NSA 240 VPN


This article is going to assume that you know a little bit about VPNs and both devices. I know more about the Sonicwalls than I do the Ciscos, so I pretty much just run the VPN wizard on the Cisco and change the default settings on the Sonicwall to get the tunnel up.

We’ll configure the Sonicwall first. Here give the tunnel a name, put in the DNS name or IP address of the other side, make up a PSK, and where it says Peer IKE ID put in the Cisco’s LAN IP address.





I have the Cisco behind another Sonicwall, so the exchange is set to aggressive. On the Cisco I think the wizard sets the exchange to aggressive mode by default, so that was one less change I had to make on the Cisco. Phase 1 is changed to AES-128, SHA1 and a lifetime of 86400 sec (8 hours). Phase 2 is ESP, AES-128, SHA1, and the lifetime is changed to 86400. I’m sure the tunnel would still come up if you kept the encryption at 3DES, but AES-128 is stronger, and I heard it has less overhead.






I skip the network tab; I’m not going over how to create address objects/groups, but all you do is put in the local and remote LAN networks. On the advanced tab I cleared out keep alive because the other firewall is behind another firewall that is NATting, so it will have to bring up the tunnel.






Um ya here is a shot of the main page of the 5505, yaaa..I ran the wizard. :b






Here I just change the remote to a group of the two DMZs on the other side.






Here I enabled NAT traversal, 'cause once again the Cisco is behind another firewall that is NATting. Also, here is where you would change the IKE negotiation mode (called Exchange on the Sonicwall) to main.






Ping across the tunnel from the Cisco side and with any luck you will have a fully operational IPsec PSK VPN tunnel. :)
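If the ping fails, the first thing to rule out is a setting that differs between the two ends. The sketch below is an added example, not part of the original walkthrough or either vendor's tooling: it compares the settings described above and applies the NAT reasoning from the advanced-tab and NAT traversal steps. The `Peer` record, its field names and the Sonicwall `nat_traversal` value are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Peer:  # hypothetical record of one firewall's tunnel settings
    name: str
    exchange: str        # "aggressive" or "main"
    p1: tuple            # (encryption, hash, lifetime in seconds)
    p2: tuple            # (protocol, encryption, hash, lifetime in seconds)
    nat_traversal: bool
    keep_alive: bool
    behind_nat: bool

def check_tunnel(a, b):
    """Return differences between two peers' settings; an empty list means they agree."""
    problems = []
    for field in ("exchange", "p1", "p2"):
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            problems.append(f"{field}: {a.name}={va} vs {b.name}={vb}")
    for near, far in ((a, b), (b, a)):
        if not far.behind_nat:
            continue
        # Both ends have to support NAT traversal for it to be negotiated.
        if not (near.nat_traversal and far.nat_traversal):
            problems.append(f"nat_traversal: needed on both ends, {far.name} is behind NAT")
        # The un-NATted side cannot reach the NATted peer to start the tunnel,
        # so keep alive there only produces failed negotiation attempts.
        if near.keep_alive:
            problems.append(f"keep_alive: {near.name} cannot initiate to {far.name}")
    return problems

# Constructed sample data mirroring the settings described in the article.
# The Sonicwall nat_traversal value is an assumption; the article does not show it.
SONICWALL = Peer("sonicwall", "aggressive", ("aes-128", "sha1", 86400),
                 ("esp", "aes-128", "sha1", 86400),
                 nat_traversal=True, keep_alive=False, behind_nat=False)
CISCO = Peer("cisco", "aggressive", ("aes-128", "sha1", 86400),
             ("esp", "aes-128", "sha1", 86400),
             nat_traversal=True, keep_alive=False, behind_nat=True)

if __name__ == "__main__":
    for line in check_tunnel(SONICWALL, CISCO) or ["settings agree"]:
        print(line)
```

A lifetime difference shows up here as a `p1` or `p2` difference; how each device handles a lifetime that differs from its peer's is vendor-specific, so treat that entry as something to align rather than as a guaranteed failure.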

Update: I found this video when seeing how my page was ranking in search engines, which is very poorly, ha, but I thought the video might help.



February 29, 2012 Tech