[c-nsp] cisco nat breaks sonicwall

Stack, Stephen (Citco) sstack at citco.com
Thu Feb 17 04:05:14 EST 2011


Came across an odd one recently with a client's sonicwall. May or may not be relevant, but check it out all the same.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7587&formaction=faqalert


Stephen Stack 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Max Pierson
Sent: 16 February 2011 18:10
To: Adam Greene
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] cisco nat breaks sonicwall

MTUroute is your friend :)

http://www.elifulkerson.com/projects/mturoute.php

On Wed, Feb 16, 2011 at 10:02 AM, Adam Greene <maillist at webjogger.net> wrote:

> Hi,
>
> Having a weird issue where NAT on a Cisco 1841 (IP Base 12.4(22)T) prevents
> traffic from flowing through multiple models of Sonicwalls.
>
> On the 1841:  ip nat inside source list 102 interface Dialer1 overload
>
> The NAT works. Clients on the LAN can get to anything out on the Internet.
> But when they try to get to hosts out on the Internet that are behind
> Sonicwalls, the traffic fails. The weird thing is, you can telnet from LAN
> clients to servers behind the Sonicwalls, on various ports (25, 80, 143,
> 443, 993) but when attempting to access the Sonicwall hosts using a web
> browser, the connection fails. This is from multiple LAN clients (PCs and
> mobile devices).
>
> Anyone seen this behavior before?
>
> We have set MTU to 1404 on all interfaces of the 1841 ... does not help.
>
> When we do NAT on an ASA 5500 instead, no problem, clients can connect to
> servers behind the Sonicwalls fine.
>
> Is there some feature I should enable on the 1841? Stumped ...
>
> Thanks,
> Adam
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>