VPN to Sonicwall with source NAT

  • Hi All

    I need to build a VPN to a 3rd party vendor who is running a SonicWall firewall (sorry, I don’t know the exact model).  We are running an SSG320 on our side.  I have built VPNs to SonicWall before and they worked fine, but this time we also need to perform source-based NAT to a DIP pool.

    So, in order to do NAT in the tunnel, we need to use a numbered tunnel.  But I don’t know if “numbered tunnels” is just Juniper terminology, or if SonicWall has an equivalent.  Can I just number the tunnel on my side without the SonicWall having to have a “numbered tunnel” on their side?  Will that work?

    Thanks in advance for any help

  • You just have to route the remote network of the SonicWall through the tunnel. If you are using the trust-vr it will look like the following:

    set vrouter trust-vr route <remote-network mask> interface tunnel.<interface number>

  • Great, thanks for that.  In a normal numbered tunnel interface setup, the “next hop” would be the IP of the corresponding numbered tunnel on the other device.  So in this case, what would I put as the next hop?  Just the untrust interface of the SonicWall?

  • Hi,
    it should be no problem to have a numbered tunnel on your side.
    Configured this to ASAs already.
    Just take care that the proxy id matches.
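
The setup discussed in this thread, as an added ScreenOS sketch that is not from any of the posters: a numbered tunnel.1 carrying the DIP pool, a route through the tunnel interface with no next-hop IP, and a proxy ID built from the translated range. All names, addresses, the interface ethernet0/2, the DIP ID and the proposals are assumed placeholders; lines starting with # are annotations, not CLI input.

```screenos
# Constructed values (assumptions, not from the thread):
#   10.99.0.0/24     NAT range agreed with the vendor
#   192.168.50.0/24  vendor LAN behind the SonicWall
#   203.0.113.10     SonicWall public address

# Numbered tunnel interface; the DIP pool sits in the same subnet as its IP
set interface tunnel.1 zone "Untrust"
set interface tunnel.1 ip 10.99.0.1/24
set interface tunnel.1 dip 5 10.99.0.10 10.99.0.20

# Phase 1 and phase 2, bound to the tunnel interface
set ike gateway "vendor-gw" address 203.0.113.10 main outgoing-interface ethernet0/2 preshare "<pre-shared-key>" proposal "pre-g2-aes128-sha"
set vpn "vendor-vpn" gateway "vendor-gw" no-replay tunnel idletime 0 proposal "g2-esp-aes128-sha"
set vpn "vendor-vpn" bind interface tunnel.1

# Proxy ID uses the post-NAT source range, because that is what the
# SonicWall sees; its local/remote networks must mirror these values
set vpn "vendor-vpn" proxy-id local-ip 10.99.0.0/24 remote-ip 192.168.50.0/24 "ANY"

# Route the vendor LAN through the tunnel interface (no next-hop IP)
set vrouter trust-vr route 192.168.50.0/24 interface tunnel.1

# Source-NAT outbound traffic to DIP pool 5
set address "Untrust" "vendor-lan" 192.168.50.0/24
set policy from "Trust" to "Untrust" "Any" "vendor-lan" "ANY" nat src dip-id 5 permit
```

After the tunnel comes up, `get sa` and `get session` show whether phase 2 negotiated with the expected proxy ID and whether sessions carry a translated source from the pool.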