Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Try to move Cisco config to Sonicwall TZ-470

oleole Newbie ✭
edited November 2022 in Entry Level Firewalls

Hi, after hours of searching the net I want to ask, if someone here in the community can help with our configuration.

we have a Cisco router installed which is configured to connect 2 branches, some related lines from configuration:

!

crypto ipsec transform-set MYSET esp-3des esp-sha-hmac

 mode tunnel

!

crypto ipsec profile MYPROF01

 set transform-set MYSET01

!

interface GigabitEthernet0/1

 no ip address

 ip virtual-reassembly in

 duplex full

 speed 1000

!

interface GigabitEthernet0/1.1001

 encapsulation dot1Q 1001

 ip address 172.16.16.1 255.255.255.252

 ip nat inside

 ip virtual-reassembly in

 service-policy output EC100M-Voice

!

interface GigabitEthernet0/1.1002

 encapsulation dot1Q 1002

 ip address 172.16.16.5 255.255.255.252

 ip nat inside

 ip virtual-reassembly in

 service-policy output EC100M-Voice

!

interface Virtual-Template1 type tunnel

 ip unnumbered GigabitEthernet0/1

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile MYPROF01

!

ip route 192.168.100.0 255.255.255.0 172.16.16.6

ip route 192.168.200.0 255.255.255.0 172.16.16.2

!

On the sonicwall we have created the 2 virtual Interfaces v1001 and v1002 on a unused port (X3) and connected it to the next device but we are unable to ping the gateway-ips 172.16.16.2 and 172.16.16.6. Both interfaces are in the LAN-Zone and there is allowed any-any for testing. Unfortunately we are unsure, how to "translate" the cisco-config to sonicwall - hope someone here in the forum can help. May be NAT is missing or we have to configure a tunnel in addition?

If more information is needed pls. let me know.

Thanks a lot in advance.

Regards,

Olaf

Category: Entry Level Firewalls
Reply

Answers

  • oleole Newbie ✭
    edited July 2022

    we could solve the issue, thanks for reading.

Sign In or Register to comment.