Newbie: Cisco 851w and nat

Hello,
I am a network administrator and recently decided to upgrade my existing network infrastructure at my small office by purchasing a
Cisco 851w router.
I have 14 computers that need internet connection sharing and an Ubuntu 6.06 box running e-mail services, web and DNS hosting for
my domain (master zone, running bind9).
Using SDM express I configured the network in 15 minutes, and also NAT for the Linux server. Everything is fine, except one
thing: when I access my domain (let's say mydomain.ro) from my local network I don't get my webpage or a response from the mail
server, but instead my SDM express login window. From an outside network I can access my mail and web page using mail.mydomain.ro
and www.mydomain.ro. Internally I get a response from the router.
This is how I configured the network with SDM express:
192.168.0.1 as my router's IP address and network address, DHCP enabled, router's name is router and domain "domain.ro". At the
DHCP section I typed my ISP's DNS server. The Linux box has the IP 192.168.0.10 and runs bind9 for the "domain.ro" as the master
server. I added the following NAT with SDM: 53 tcp and udp from WAN IP (81.xxx.xxx.xxx) to 192.168.0.10, 22 tcp, 25 tcp, 80 tcp,
etc. WAN IP is the IP from my ISP (81.xxx.xxx.xxx).
Can I fix this using SDM, and how? It's not an option to type 192.168.0.10 as incoming mail server instead of mail.domain.ro. I don't know how to use CLI, I bought this router just to be able to run away from my old 486 iptables machine. :D
Thanks for your time!

You are absolutely right in that you are not the only one with this problem.
Check this post and the link provided by Sundar out.
http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=968333ACF23358AC6443CE3DC4C19CD9.SJ3B?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddccf83
And hopefully you will find a working solution.

Similar Messages

  • Cisco 851W and VLANS

    Hello,
    I have a Cisco 851W router and I'm having this configuration:
    All LAN ports and dot11Radio are bridged.
    So now I'm trying to do this thing:
    I'm trying to create a wireless guest net.
    So I've created a bridging VLAN 1 native that is for my current trusted SSID and another routing VLAN and SSID that is for my guest net.
    The problem is that when I create VLAN 1 it locks me out: I can connect to the wireless but I can't access anything on the router (FastEthernet 0-4)
    Any solutions? Thanks

    Thanks for the response. I will try, but now
    I've discovered another problem that may cause this one.
    Here is the link:
    http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dde0f45
    I will attach the running config, but I deleted any encrypted hashes and public IPs
    (this is a public forum after all)

  • Cisco 851W - Internal WLAN and Guest WLAN

    I have a Cisco 851W Router, which has an IPSEC Tunnel back to my corporate office.
    I want to configure 2 WLANS, one for my internal network (vlan 1) which will have access to my corporate network, and one for guests which will just be for outbound internet access (http, https, ftp, sftp, etc ..).
    I have not been able to find any Cisco documentation on how to accomplish this. Can someone inform me where I can find this or supply me with some configuration examples?

    create 2 ip dhcp pools on the router for the 2 types of clients
    create wlan for each type of client
    I'm assuming a wlc is involved, then hreap and allow both vlans, procedure will be slightly different for standalone
    acl by address to ban traffic from ipsec tunnel - easier on a WLC interface than on the router, no wlc then on the router
    bob

  • Cisco 1841 with 2 public WAN IP's and NAT

    OK currently the network is setup as follows:
    Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's
    x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24
    The Linksys router is running inbound one-to-many PAT (eg. x.x.x.146:80 --> 192.168.1.10:8080)
    I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.
    The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.
    Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.
    Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.
    The problem was that the FastEthernet0/0 interface line protocol was down as there was no need to connect it to anything.
    I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again but during boot up the router said you can't assign a secondary IP to the dialer interface.
    So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?
    Any help much appreciated.

    Answers:
    1) DSL is terminating in the 1841 on a SHDSL WIC
    2) No
    3) IP is negotiated
    4) Below is a config which I believe should work. Any recommended amendments?
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname trackgw
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    !
    resource policy
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    no ip dhcp use vrf connected
    !
    username cisco privilege 15 secret xxx
    !
    controller DSL 0/0/0
     mode atm
     line-term cpe
     dsl-mode SHDSL symmetric annex B
     line-rate AUTO
    !
    interface FastEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     no ip address
     duplex auto
     speed auto
    !
    interface ATM0/0/0
     no atm ilmi-keepalive
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    !
    interface Dialer1
     ip address negotiated
     ip nat outside
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     no cdp enable
     encapsulation ppp
     no cdp enable
     ppp authentication chap callin
     ppp chap hostname username
     ppp chap password 0 password
     ppp ipcp dns request
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    ip http server
    ip http authentication local
    ip nat inside source list nat-acl interface Dialer1 overload
    ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
    !
    ip access-list extended nat-acl
     permit ip 192.168.1.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    control-plane
    !
    line con 0
     logging synchronous
     login local
     transport output all
    line aux 0
     transport output all
    line vty 0 4
     privilege level 15
     login local
     transport input telnet
    !
    scheduler max-task-time 5000
    end

  • Cisco ASA Site to Site IPSEC VPN and NAT question

    Hi Folks,
    I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:
    ASA2 is at HQ and ASA1 is a remote site. I have no problem setting up a static Site to Site IPSEC VPN between sites. Hosts residing at 10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but what I want is to set up NAT with IPSEC VPN so that hosts at 10.1.0.0/16 will communicate with hosts at 192.168.1.0/24 with translated addresses.
    Just an example:
    Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with destination let's say 10.23.1.5 not 192.168.1.5 (notice the last octet should be the same, in this case .5)
    The same translation for the rest of the communication (host N2 pings host N3 with destination IP 10.23.1.6 not 192.168.1.6, again the last octet is the same)
    It sounds a bit confusing to me but I have seen this type of setup before when I worked for a managed service provider where we had connections to our clients (Site to Site IPsec VPN with NAT, not sure how it was set up)
    Basically we were communicating with client hosts over site to site VPN but their real addresses were hidden and we were using translated addresses as mentioned above, 10.23.1.0/24 instead of (real) 192.168.1.0/24; the last octet should be the same.
    Appreciate if someone can shed some light on it.

    Hi,
    OK, so we're going with the older NAT configuration format
    To me it seems you could do the following:
    Configure the ASA1 with Static Policy NAT 
    access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
    Because the above is a Static Policy NAT it means that the translation will only be done when the destination network is 10.1.0.0/16
    If you for example have a basic PAT configuration for inside -> outside traffic, the above NAT configuration and the actual PAT configuration won't interfere with each other
    On ASA2 side you can normally configure NAT0 / NAT Exemption for the 10.1.0.0/16 network 
    access-list INSIDE-NONAT remark L2LVPN NONAT
    access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    nat (inside) 0 access-list INSIDE-NONAT
    You will have to take into consideration that your access-list defining the L2L-VPN encrypted traffic must reflect the new NAT network 
    ASA1: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    ASA2: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    I could test this setup tomorrow at work but let me know if it works out.
    Please rate if it was helpful
    - Jouni
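
The point in the reply above about the crypto ACL having to use the translated network, modelled in Python as an added example (not code from the thread). The networks and ACL names are the thread's; the function names are hypothetical, and only address selection is modelled, not IPsec itself.

```python
import ipaddress

# Networks come from the thread; function names are hypothetical.
REAL_NET = ipaddress.ip_network("192.168.1.0/24")    # ASA1 inside, real addresses
MAPPED_NET = ipaddress.ip_network("10.23.1.0/24")    # what HQ is shown instead
HQ_NET = ipaddress.ip_network("10.1.0.0/16")         # ASA2 inside

# Crypto ACLs as (source network, destination network) pairs, ASA1 side.
CRYPTO_ACL_MAPPED = [(MAPPED_NET, HQ_NET)]   # L2LVPN-ENCRYPTIONDOMAIN as in the reply
CRYPTO_ACL_REAL = [(REAL_NET, HQ_NET)]       # the mismatch the reply warns about


def _remap(addr, from_net, to_net):
    """Move addr into to_net, keeping its host part (the last octet for a /24)."""
    offset = int(addr) - int(from_net.network_address)
    return to_net.network_address + offset


def policy_nat_source(src, dst):
    """ASA1 outbound: L2LVPN-POLICYNAT translates src only when dst is in HQ_NET."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in REAL_NET and d in HQ_NET:
        return str(_remap(s, REAL_NET, MAPPED_NET))
    return src  # other destinations fall through to the ordinary PAT rules


def untranslate_destination(src, dst):
    """ASA1 inbound from the tunnel: map 10.23.1.x back to the real host."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in HQ_NET and d in MAPPED_NET:
        return str(_remap(d, MAPPED_NET, REAL_NET))
    return dst


def acl_permits(acl, src, dst):
    """True if any (source, destination) entry covers the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in acl)


def asa1_outbound(src, dst, crypto_acl):
    """NAT is applied first; the crypto ACL then sees the translated source."""
    translated = policy_nat_source(src, dst)
    return translated, acl_permits(crypto_acl, translated, dst)


if __name__ == "__main__":
    for acl_name, acl in (("mapped", CRYPTO_ACL_MAPPED), ("real", CRYPTO_ACL_REAL)):
        print(acl_name, asa1_outbound("192.168.1.5", "10.1.0.1", acl))
```

With the crypto ACL written against 192.168.1.0/24 the translated packet no longer matches it, so it is never selected for the tunnel.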

  • ASA5505 SOHO public ip range and nat head ache

    Hello
    Can anyone shed some light on a problem I'm having. We have set up an ASA 5505 with an ISP called Zen that allocates you a subnet of public IP addresses. I have successfully set up the ASA to access the internet using NAT on the outside interface. We would like to use the other IP addresses in the range for other services but I cannot think how I can do this/configure this.
    LAN > ASA5505 > VDSL Modem > ISP
    the range they have given us is
    Number of IP addresses: 8
    IP addresses: XX.XX.XXX.40 - XX.XX.XXX.47
    Subnet mask: 255.255.255.248
    Subnet in slash notation: XX.XX.XXX.40 /29
    Network address: XX.XX.XXX.40
    XX.XX.XXX.41
    XX.XX.XXX.42
    XX.XX.XXX.43
    XX.XX.XXX.44
    XX.XX.XXX.45
    XX.XX.XXX.46 Router
    Broadcast address: XX.XX.XXX.47
    Router address: XX.XX.XXX.46
    I have set up XX.XX.XXX.46 on the outside interface and hosts inside can access the net and NAT from the internet to internal devices all works.
    We have a VDSL modem connected to the outside interface and using PPPoE we dynamically get the XX.XX.XXX.46/32 address.
    Is there any way I can use the other spare addresses? I do see how I can use them. I have done a lot of browsing and the only way I see that other people have been able to do this is using a layer 3 device and using ip unnumbered of the external int pointing to a loopback,
    any info or advice would be gratefully received.
    regards
    C.

    Hello
    The version is Cisco Adaptive Security Appliance Software Version 9.2(2)4
    Debugging ICMP I see pings to the .46 address; however, I see no pings/traffic received on the ASA for the other addresses. How does Zen know to route the xx.xx.xx.41 to .45 IP addresses to the firewall using the .46 address?
    The NAT rules I have are
    nat (Vlan200_Int,Outside_Dirty_Int) dynamic interface < this works for lan access to the internet
    nat (Vlan200_Int,Outside_Dirty_Int) static xx.xx.xx.45 no-proxy-arp service tcp www 65100
    nat (Vlan200_Int,Outside_Dirty_Int) static xx.xx.xx.45 no-proxy-arp service tcp https 65101
    access-list Outside_Dirty_Network_access_in extended permit tcp object Click_PC object ESXi object-group DM_INLINE_TCP_7
    object-group service DM_INLINE_TCP_7 tcp
    port-object eq 902
    port-object eq www
    port-object eq https
    thanks for the help

  • Internal DNS server and NAT routing issue.

    Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP of my Mac OS X server (server.company.com).
    We have a Cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and NAT on that subnet under a different public IP provided by our ISP.
    Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
    The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
    Thanks

    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
    The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.
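
The zone-selection behaviour this answer relies on, modelled in Python as an added example (not from the thread): a resolver answers from the most specific zone it is authoritative for and recurses only for names outside all of its zones. All addresses, the record sets and the function names are constructed for illustration.

```python
# Constructed sample data: what the ISP-hosted public company.com zone answers.
PUBLIC_DNS = {
    "server.company.com": "203.0.113.10",
    "www.company.com": "203.0.113.20",
    "mail.company.com": "203.0.113.30",
}

INTERNAL_IP = "192.168.15.10"  # constructed address in the 192.168.15.x subnet

# Option A: internal server claims the whole company.com zone but only
# carries the one record, so every other company.com name breaks.
WHOLE_DOMAIN = {
    "company.com": {"server.company.com": INTERNAL_IP},
    "company.private": {"server.company.private": INTERNAL_IP},
}

# Option B (the answer's suggestion): a zone whose apex is the host itself.
HOST_ZONE = {
    "server.company.com": {"server.company.com": INTERNAL_IP},
    "company.private": {"server.company.private": INTERNAL_IP},
}


def find_zone(name, zones):
    """Return the most specific local zone that encloses name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones, upstream=PUBLIC_DNS):
    """Return (who answered, answer) for an internal client's query."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is None:
        # Not authoritative for any enclosing zone: recurse upstream.
        return ("forwarded", upstream.get(name, "NXDOMAIN"))
    # Authoritative: answer from local data only, never ask upstream.
    return ("local", zones[zone].get(name, "NXDOMAIN"))


if __name__ == "__main__":
    for label, zones in (("whole domain", WHOLE_DOMAIN), ("host zone", HOST_ZONE)):
        for q in ("server.company.com", "www.company.com"):
            print(f"{label:12} {q:20} -> {resolve(q, zones)}")
```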

  • How to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server

    how to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server

    Hi,
    Have you got any additional public IP addresses from your service provider? If yes, on the router you can have a static route for those additional IP addresses pointing to your ASA outside interface.
    Accordingly you can configure NAT
    HTH
    Sandy . 

  • Urgent!!! Cisco ACE and asymmetric routing assistance needed

    I am wondering if someone can give me pointers on the Cisco ACE
    and asymmetric routes. I've attached the diagram:
    -Cisco IOS IP address is 192.168.15.4/24 and 4.1.1.4/24
    -Firewall External interface is 192.168.15.1/24,
    -Firewall Internal interface is 192.168.192.1/24,
    -F5_BigIP External interface is 192.168.192.4/24,
    -F5_BigIP Internal interface is 192.168.196.1/24 and 192.168.197.1/24,
    -host_y has IP addresses of 192.168.196.10/24 and 192.168.197.10/24,
    -Checkpoint has static route for 192.168.196.0/24 and 192.168.197.0/24
    pointing to the F5_BigIP,
    -host_y is dual-home to both VLAN_A and VLAN_B with the default
    gateway on host_y pointing to VLAN_A which is 192.168.196.1,
    -host_x CAN ssh/telnet/http/https to both of host_y IP addresses
    of 192.168.196.10 and 192.168.197.10.
    In other words, from host_x, when I try to connect to host_y
    via IP address of 192.168.197.10, the traffic will go through VLAN_B
    but the return traffic will go through VLAN_A. Everything
    is working perfectly for me so far.
    Now the customer has just replaced the F5_BigIP with Cisco ACE. Now,
    I could not get it to work with asymmetric routes with Cisco ACE. In
    other words, from host_x, I can no longer ssh or telnet to host_y
    via IP address of 192.168.197.10.
    Does anyone know how to get asymmetric routes to work on Cisco ACE?
    Thanks in advance.

    That won't work because ACE uses the vlan id to distinguish between flows.
    So when the response comes back on a different vlan, ACE can't find the flow it belongs to and it drops it.
    Even if we could force it to accept the packet, ACE would then try to create a new flow for this packet and it will collide with the flow already existing on the frontend.
    You would need to force your host to respond on the same vlan the traffic came in.
    This could be done with client nat on ACE using different nat pool.
    Gilles.

  • Cisco 871w and LAN (What did I get myself Into!)

    Hey all,
    Little background info:
    - Took the CCNA1-4 via college course about 3 years ago, haven't used the knowledge since
    - most of my experience in the real world has been non-managed networks, but taking care of Windows Terminal Servers.
    - basically I think I need to re-educate myself
    Current Network:
    Windows Domain
    45 workstations
    4 buildings
    Breakdown
    Head Office:
    - Main Distribution point
    - WAN: Cisco Router and DSL modem owned by provider
    - Firewall: WatchGuard Firewall (/w 5 VPN connections)
    - 1 x 48 port Managed Switch (acting as simple switch)
    - Windows SBS 2003 server with Exchange, SQL, and using VPN here as well
    - We have about 6 other switches that are not managed in the build
    - 1 cable run through building. At the end of this building is a fiber connection to the next building
    - 15 workstations
    Building 2:
    - Fiber connection from Head Office
    - 1 single CAT 5e from Fiber switch to Unmanaged Switch (Switch 1)
    - 1 single CAT 5e from unmanaged switch to half-way point of building where we have another unmanaged switch (Switch 2)
    - 1 single CAT 5e from Switch 1 to another small building (building 4) with a small unmanaged switch and 2 workstations
    - 1 single CAT 5e from Switch 2 - to end of building, underground to building 3
    - 1 Workstation attached to Switch 2
    Building 3:
    1 x 24 port Managed Switch with connection from Building 2 (this switch being used as a normal switch)
    25 workstations in here, various distances with small workstation switches throughout.
    Working with new equipment:
    - we upgraded DSL (cheaper) to a 5 Static IP package, this is a separate circuit for now - so I can configure everything and
    not disrupt current services.
    - using test PC and connection on this DSL to make sure most everything is working.
    - Purchased 871w to replace their router and to replace our Firewall which has a faulty nic and is limited in functionality.
    - 6 months from now, adding Fortigate 100A Appliance
    - over next 2 years - all switches will be managed
    First question: Anyone have a real good resource on how inside local, inside global, outside local, outside global works for ACL's? Isn't there something similar for NAT/PAT?
    Second Question: Just looking for some best practice solutions. Should I bother with VLANs at this time, just leave everything on VLAN since
    there can be no real separation throughout the company. Suggestions?
    Outside Services required:
    - Webmail - using OWA:
    - host header: webmail.companyname.com
    - can the router block all requests to this that are made via port 80 and allow the HTTPS ones through?
    - since i have 5 statics, using NAT can I have one of the external IP's used for webmail... this can be done using static NAT and firewall rules?
    - Exchange Server forwards all SMTP requests to ISP mail server.
    - No RDP directly to network resources without VPN activity - taken care of by implicit deny.
    - Will it be possible to use my other 4 static IP's, say I create a DNS entry for ftp.companyname.com. I assume a static entry in NAT will take care of sending all requests to another network box.
    VPN:
    Will require VPN connections, there seems to be a ton of different ones. What is the easiest to create for a few home systems
    that the VPN client can be installed and configured? Can this be managed with a push policy, can different user accounts be
    created with different policies:
    i.e: * Steve logs in via VPN, can RDP to a desktop to access server resources but I don't want him to be able to connect to \\serverip\share
    * Bob is a user, bob currently vpn's and obtains an IP 10.0.0.249, bob shares a printer that we use to print to. I don't want bob to be able to access any other resources on our network, but users can print to Bob's remote printer.
    I'm overthinking all this, and getting confused - a nice simple step approach required - I feel like I'm drowning - lol

    try the following links
    inter vlan
    http://www.cisco.com/en/US/products/hw/switches/ps672/products_configuration_example09186a00800941b4.shtml
    NAT
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080881718.shtml
    how NAT works
    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
    VPN
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
    useful vpn links
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_configuration_examples_list.html
    good luck
    Please, if helpful Rate

  • Cisco 831 and "Can't get video from the camera."

    I'm running a Cisco 831 router with ios 12.4(5a) installed. Every time I try to initiate a video chat with a computer going through the router, I get the "Can't get video..." error. It works fine with computers on my internal network and if I bypass the Cisco router and plug straight into my Cable modem.
    I've covered every conceivable TCP/UDP port being open (per numerous pages re: port 5060, 5190, etc.) and have even gone as far as testing with "permit UDP any any" and "permit TCP any any" at the top of the rules. No luck.
    I've been reading about possibly needing to "unbind" SIP (port 5060). Is this something that a Cisco 831 router would require? The router doesn't seem to respond to any of the documented Cisco commands re: VoIP and does not have any phone support that I'm aware of.
    If anyone has any info that can help me get this up-and-running, I'd be much obliged.
    Thanks,
    Matheau

    Hi Kcritchie,
    It will most likely look like that. But in this case it should be on the UDP protocol.
    The link looks useful (it takes a scroll down to see it for others looking)
    If I do nat bindlist in my Alcatel I get this
    Last login: Thu Jun 29 12:36:20 on console
    Welcome to Darwin!
    Ralph-G4:~ Ralph$ telnet 10.0.0.138
    Trying 10.0.0.138...
    Connected to speedtouch.johnshome.
    Escape character is '^]'.
    Username :
    (Pic line drawing edited out here )
    =>nat bindlist
    Application Proto Port
    ESP esp 1
    FTP tcp 21
    GRE gre 1
    H323 tcp 1720
    IKE udp 500
    ILS tcp 389
    ILS tcp 1002
    IP6TO4 6to4 1
    IRC tcp 6660-6670
    JABBER tcp 5222
    JABBER tcp 15222
    PPTP tcp 1723
    RAUDIO(PNA) tcp 7070
    RTSP tcp 554
    =>
    On my device this is because the SIP binding on UDP port 5060 is unbound.
    2:30 PM Thursday; June 29, 2006

  • Cisco 851W Problems

    I am having problems connecting some HTC smartphone devices to a Cisco 851W router. The devices receive the SSID but when we try to connect to the router they can't. The router works well for other devices (laptops, PDAs) and the smartphones have worked well with a Linksys router, so the problem is specific to the connection between this router and these devices.
    Any help about this is welcomed.

    What parameters are you using? (WEP / WPA {TKIP | AES}) etc ...
    My 8525 didn't work well using AES. TKIP was OK.
    It hardly worked at all with the factory / MS mobile drivers. I added Odyssey (now from Juniper, ~US$35.00) and it connected nearly every time, and even worked with EAP-FAST.
    Good Luck
    Scott

  • CSS 11500 url path rewrite and NAT

    Hi,
    We are evaluating a CSS 11500 and try to configure url path rewrite and NAT, but we have some problems.
    What we would like to do is the following:
    http://www.example.com/path1 -> http://host1:80
    http://www.example.com/path2 -> http://host1:8080
    http://www.example.com/path3 -> http://host2:80
    The address www.example.com resolves to a valid internet address, whereas host1 and host2 resolve to private IP addresses.
    The client should always see the external url (e.g. http://www.example.com/path1/...) and the CSS should do the necessary translation.
    Any help would be very much appreciated!
    Regards,
    Harald

    Hello Experts, I'm new with this cisco stuff too(just got it 3 weeks ago), but here is some of my experience with cisco css 11501.
    First : Service ServerName, there is a port setting here, but from my experience, I think it is related with KeepAlive option, so, port is alternate way to know if the server alive or not.
    Second : When you send a request to the Cisco CSS, the port option in content port will be the Cisco CSS port to accept requests, so if you send a request to http://vip:8080/, all services must be on the same port too to balance the request, in this case port 8080; if one service is on port 80, I'm sure the CSS will not hit the server.
    Third : To solve your problem...
    http://www.example.com/path1 -> http://host1:80 (ipA)
    http://www.example.com/path2 -> http://host1:80 (ipB)
    http://www.example.com/path3 -> http://host2:80
    If you are too lazy to buy a new NIC, just set a subinterface/IP alias on host1, and make the webserver bind only to a specific address, not to all interfaces...
    Oh yeah, about your path1/path2/path3 -> /, hmm, I'm still asking in this forum about path changing, because until now I haven't known how to do this. I know about the Apache rewrite module and succeeded in doing this; if only I knew how to do this in Cisco CSS too :-(
    I'm sorry if I make mistake, I'm just telling my experience...

  • Cisco ISA 550 NAT problem

    Hi all,
    I have bought a Cisco ISA 550 small business firewall and I ran into a problem when configuring NAT.
    My scenario is,
    I have a mail server in my LAN which needs to be accessed from both inside and outside
    My LAN network is 192.168.0.0/24
    I have a PPPoE WAN connection with a static IP
    Mail server IP 192.168.0.15/24
    There is no DMZ zone. I need to NAT this server to my WAN IP and that WAN IP is also used
    to provide internet connection to other LAN users. I could do this with my previous ADSL
    router and I tried to do this with the firewall but couldn't achieve the task.
    Hoping for help from some expert.
    Thanks,
    Charith

    Do you want that your internal clients connect to the WAN IP and get natted to the local LAN IP?
    Then open the Maintain and Operate Guide at cisco.com and search for "hairpinning".
    Michael
    Please rate all helpful posts

  • Need help with troubleshooting VPN betwen Cisco 2911 and Dell Sonicwall 4060

    Hello all,
    I am trying to set up a VPN Tunnel between the devices mentioned above.  The tunnel appears to be established, but I've encountered some issues along the way.  I can ping from the Cisco 2911 to a server behind the Sonicwall, but I cannot ping from that server to the Cisco router unless the router is pinging the server at the same time.  What should I do to fix this problem?
    UPDATE:  The tunnel is no longer working between the two devices.  The end result I am looking for is to have a VPN tunnel between these two devices which does NAT and allows me to ping across without having to constantly ping to keep the session open.  Before the tunnel went down, I was able to ping that server behind the sonicwall using a port on the inside of the firewall as a source port for the ping, and at one point I was able to ping back to the router from the server, but was unable to ping beyond that interface.  I think the problem that I am running into has to do with the zone-based firewall configurations that are already on the router.  I don't want to mess with those configurations already in place, but I am not sure how to get this tunnel working.  I'm fairly certain I need to start from the beginning in regards to this tunnel, but I cannot figure out how to configure this the right way. 
    Thanks in advance for any help
    Michael
    Message was edited by: Michael Sotalin

    Finally the testing is successful on Sonicwall NSA 240 as well with Cisco ASA. Actually somehow the Sonicwall firewall was discovering my VPN box's public leg (private IP (10.10.50.10)) as well, which was behind a live peer IP (203.124.x.x). As per security policies it shouldn't have been discovered on the remote end. I will bring this to Cisco TAC's notice.
    Logs of Sonicwall were showing ASA local ike id as "203.124.x.x" & ASA remote ike id "10.10.50.10".
    Sonicwall sets these two parameters with PSK (local ike id & remote ike id). This is other than setting the peer IP. I asked my client to add my ASA actual and NAT IP in these two parameters and the VPN got up.
