We’ll start the configuration of the VPN tunnel on the Cisco ASA side. First off, let’s start the ASDM.

Click on the Wizards option on the Menu Bar (top left), then select the IPsec VPN Wizard.

Select the Site-to-site option and pick your VPN Tunnel Interface. In our case it is the outside interface of the ASA.

Specify the Peer IP address. This is the IP address of the WAN interface on your Sonicwall appliance. Next, specify the Pre-Shared Key (keep track of this key as you’ll need it to complete the configuration on the Sonicwall end).

In the next step of the Wizard, select the encryption and authentication method used for IKE Phase 1. Document what you have specified here, as you’ll need to match it exactly in the Sonicwall configuration.

In Step 4 of the IPsec Wizard we need to configure IPsec/Phase 2 encryption and authentication types.

Lastly, we need to configure which Local and Remote network (one or multiple) we’d like to use. Let’s say your local subnet (behind the Cisco ASA) is 192.168.1.0/24. You’d configure that as your local network.

Similarly, let’s say you want to access two subnets behind the Sonicwall firewall: 10.1.1.0/24 and 10.1.2.0/24. You need to specify those in the Remote Networks field.

Once done, click on the Next button. Review the configuration and click on Finish. This will apply these settings to the ASA. This completes the configuration of the IPsec tunnel on the Cisco ASA side.

To configure your Sonicwall firewall, sign into the device using the Web interface. Once logged in, navigate to VPN > Settings.

Under the VPN Policies section click on the Add… button.

A new window will pop up. Under the General tab, we need to select Site to Site as the Policy Type. Additionally we want to use IKE using Preshared Secret as the Authentication. Next, specify the Name of the Policy (this can be anything you like). In the IPsec Primary Gateway Name or Address enter in the address of your remote peer. This will be the IP address of the outside interface of your Cisco ASA. Lastly enter in and confirm the Shared Secret (this is the Pre Shared Key you have already configured on the Cisco ASA side of things). Note that the Shared Secret (on Sonicwall) and Pre Shared Key (on Cisco ASA) have to match exactly, or the tunnel will not come up.

On the Network tab, we need to configure the Local and Remote networks. Following the example above, we would configure 10.1.1.0/24 and 10.1.2.0/24 as our local networks and 192.168.1.0/24 as our remote network.

Finally, make sure that you match all of the settings for Phase 1 and 2 proposals exactly with values you have configured on the ASA.
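
Because the tunnel only comes up when both ends agree, it helps to compare the two sets of documented settings before troubleshooting on the devices. The following is an added example, not part of the original walkthrough: a small Python check over two hand-written worksheets. The key and proposal values are constructed sample values; only the subnets come from the example above.

```python
import hmac
from ipaddress import ip_network

# Constructed worksheets: the key and proposal values are sample values for
# illustration; only the subnets are taken from the walkthrough.
ASA = {
    "psk": "Example-Key-123",
    "phase1": {"encryption": "aes-256", "hash": "sha", "dh_group": 2},
    "phase2": {"encryption": "aes-256", "hash": "sha", "pfs": None},
    "local": ["192.168.1.0/24"],
    "remote": ["10.1.1.0/24", "10.1.2.0/24"],
}
SONICWALL = {
    "psk": "Example-Key-123 ",  # trailing space, as left by a careless paste
    "phase1": {"encryption": "aes-256", "hash": "sha", "dh_group": 5},
    "phase2": {"encryption": "aes-256", "hash": "sha", "pfs": None},
    "local": ["10.1.1.0/24", "10.1.2.0/24"],
    "remote": ["192.168.1.0/24"],
}

def nets(cidrs):
    """Parse CIDR strings into a set; raises ValueError if host bits are set."""
    return {ip_network(c, strict=True) for c in cidrs}

def compare(a, b):
    """Return a list of mismatches between the two ends' worksheets."""
    issues = []
    # Compare the keys without ever echoing them into the report.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        same = a["psk"].strip() == b["psk"].strip()
        issues.append("pre-shared key mismatch" + (" (differs only by surrounding whitespace)" if same else ""))
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                issues.append(f"{phase} {key}: {a[phase].get(key)!r} != {b[phase].get(key)!r}")
    # Each side's local networks must be the other side's remote networks.
    if nets(a["local"]) != nets(b["remote"]):
        issues.append("ASA local networks != Sonicwall remote networks")
    if nets(a["remote"]) != nets(b["local"]):
        issues.append("ASA remote networks != Sonicwall local networks")
    return issues

if __name__ == "__main__":
    for line in compare(ASA, SONICWALL) or ["all settings match"]:
        print(line)
```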

Once configured correctly, you will see an active VPN connection on your Sonicwall.

On the Cisco side you can issue a show crypto isakmp sa command to see all of the active tunnels.
