FYI- after troubleshooting this issue, it turns out that the ISP Allegiance Telecom had improperly set up the nat. as soon as they fixed it, the vpn connection established perfectly. thanks for the input.
Jeff -----Original Message----- From: Dude, Curtis [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 10:05 AM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- box2box vpn setup If you can ping your sonicwall SOHO3 at a Public IP it should work. Is there anything in the SOHO3 log? -Curtis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Vogt Sent: Thursday, May 30, 2002 12:46 PM To: '[EMAIL PROTECTED]' Subject: [SonicWALL]- box2box vpn setup Currently I have a working setup that looks like this. clients use the sonicwall vpn client, cisco router sis in fron of the sonicwalll pro. cisco performs nat which leaves my sonicwall in standard mode. Sonicwall public ip of 64.x.x.x nat'd to private ip of 10.x.x.x. When I originally set this up 2 years ago, sonicwall support would not help me with the setup because they said vpn would not work with the router performing nat in front of the sonicwall. But like I said, it has been working perfectly. new scenario, isp router performs NAT, sonicwall soho3 w/vpn upgrade in standard mode. public ip nat'd to private ip of sonicwall. the only difference is that now I am using the sonicwall tele3 with vpn instead of the vpn client. the sonicwall tele receives dhcp address from isp. I followed the box2box (for ike shared secret)setup instructions to the letter. security association names are configured appropriately, but I have not been successful. shared secrests match and conform to a-f and 0-9 criteria. the only info in the sonicwall tele3 log is that either the attempt timed out, or that there is an sa mismatch (I do not have the exact message, but that is pretty much it. so my question is, has anyone done this successfully, with the sonicwall behind a nat device? or is the nat somehow confusing the authentication? does not seem to me that it should be any different than my previous setup. thanks Jeff --- [This E-mail scanned for viruses by Declude/F-Prot AV] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
