User Guide

Last updated by ah – October 30, 2000
Introduction:
VPN standards are still evolving, and interoperability between products is a continuing effort.
SonicWALL has made progress in this area and is interoperable with Cisco IOS/PIX using IKE as
shown below. Advanced setups are possible but are not covered in this document.
This tech-note assumes the reader has a working knowledge of Cisco IOS/PIX management
tools and SonicWALL appliance configuration. It describes the steps required to set up
a compatible Security Association on both Cisco IOS/PIX and SonicWALL products.
Sample Network:
The network configuration shown below is used as an example for VPN configuration.
Summary:
SonicWALL has tested VPN interoperability with Cisco IOS/PIX versions greater than 12.0 and
5.0 using the following VPN Security Association information:
Keying Mode: IKE
IKE Mode: Main Mode
No PFS (perfect forward secrecy)
SA Authentication Method: Pre-Shared key
Keying Group: DH (Diffie-Hellman) – Group 1
ID_Type: IP subnet
Encryption and Data Integrity: ESP DES or ESP 3DES with MD5
Known Limitations:
When using this tech-note, both Gateway IP addresses must be known. Cisco IOS/PIX can
support gateway-to-gateway VPN with only one static IP address; however, this is not discussed
here. For more information, please see Cisco and SonicWALL product documentation.
If you have a gateway-to-gateway VPN requirement with only one static IP, you may consider
using SonicWALL gateways on both ends.
[Figure: sample network diagram. Labels: IP 192.0.0.1; IP 10.0.0.1; IP 216.5.31.42; IP 128.6.3.12; Network 10.0.0.0, Mask 255.255.255.0; Internet; Network 192.0.0.0, Mask 255.0.0.0; CISCO IOS/PIX box]