SonicWALL VPN INTEROPERABILITY WITH CISCO IOS PIX USING IKE User Manual

SonicWALL VPN Interoperability with Cisco IOS/PIX using IKE
Tech note prepared by SonicWALL, Inc.
SonicWALL, Inc.
1160 Bordeaux Drive
Sunnyvale, CA
94089
Last updated by ah – October 30, 2000
Introduction:
VPN standards are still evolving and interoperability between products is a continued effort. SonicWALL has made progress in this area and is interoperable with Cisco IOS/PIX using IKE as shown below. Advanced setups are possible but are not covered in this document.
This tech-note assumes the reader has a working knowledge of Cisco IOS/PIX management tools and SonicWALL appliance configuration. This tech-note describes the required steps to set up a compatible Security Association on both Cisco IOS/PIX and SonicWALL products.
Sample Network:
The network configuration shown below is used as an example for VPN configuration.
[Network diagram; labels in extraction order: CISCO IOS/PIX box; IP 216.5.31.42; Internet; IP 128.6.3.12; IP 10.0.0.1; Network 10.0.0.0 Mask 255.255.255.0; Network 192.0.0.0 Mask 255.0.0.0]
Summary:
SonicWALL has tested VPN interoperability with Cisco IOS/PIX versions greater than 12.0 and 5.0 using the following VPN Security Association information:
Keying Mode: IKE
IKE Mode: Main Mode
No PFS (perfect forward secrecy)
SA Authentication Method: Pre-Shared key
Keying Group: DH (Diffie Hellman) – Group 1
ID_Type: IP subnet
Encryption and Data Integrity: ESP DES or ESP 3DES with MD5
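A mismatch in any of the parameters above prevents the Security Association from being established, so it helps to check the Cisco side against the list before testing. The following is an added example, not part of the SonicWALL tech note: a small Python check of IOS ISAKMP policy text against the Summary parameters. The function names, the sample configuration and the IOS default values filled in for unlisted settings are assumptions.

```python
import re

# Parameters from the Summary section of this tech note.
TESTED = {"encryption": {"des", "3des"}, "hash": {"md5"},
          "authentication": {"pre-share"}, "group": {"1"}}
# Assumption: classic IOS ISAKMP policy defaults, which the device
# does not print in its configuration when left unchanged.
IOS_DEFAULTS = {"encryption": "des", "hash": "sha",
                "authentication": "rsa-sig", "group": "1"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 1
crypto isakmp policy 20
 authentication pre-share
 group 2
crypto map SAMPLEMAP 10 ipsec-isakmp
 set pfs group1
"""

def parse_isakmp_policies(config):
    """Return {priority: settings}, with defaults filled in for omitted lines."""
    policies, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)$", raw.strip())
        if m:
            current = policies.setdefault(int(m.group(1)), dict(IOS_DEFAULTS))
        elif not raw.startswith(" "):
            current = None  # a top-level line ends the policy sub-mode
        elif current is not None:
            parts = raw.split()
            if len(parts) == 2:
                key = "encryption" if parts[0].startswith("encr") else parts[0]
                if key in current:
                    current[key] = parts[1]
    return policies

def check_policy(policy):
    """List the settings that differ from the tested parameters."""
    return [f"{k}={policy[k]} (tested: {'/'.join(sorted(ok))})"
            for k, ok in TESTED.items() if policy[k] not in ok]

def pfs_enabled(config):
    """True if any crypto map entry sets PFS; the tested setup uses no PFS."""
    return any(l.strip().startswith("set pfs") for l in config.splitlines())
```

In the sample, policy 10 matches the tested parameters, while policy 20 is reported for its implicit SHA hash and for group 2, and the crypto map is reported for enabling PFS.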
Known Limitations:
When using this tech-note, both Gateway IP addresses must be known. Cisco IOS/PIX can support gateway-to-gateway VPN with only one static IP address, however this is not discussed here. For more information please see Cisco and SonicWALL product documentation.
If you have a gateway-to-gateway VPN requirement with only one static IP, you may consider using SonicWALL gateways on both ends.
[Network diagram label: IP 192.0.0.1]