I have a routing problem. (Cisco/sonicwalls)
Posted on 2009-04-30
I have a routing problem.
I have set up a VPN tunnel with two SonicWalls as follows:
sonicwall at remote office: 172.16.100.1
sonicwall nsa240 at main office:
internal ip 172.22.1.1
This firewall sits in front of a Cisco router which ties several subnets together, meaning the internal networks. This Cisco has an interface on the network as 172.22.1.2; the other network interfaces are 172.16.1-10.x, with the server network as 172.16.4.x in this setup.
The SonicWall tunnel works, but I can't route past this Cisco.
So, to explain it best, I can ping the Cisco 172.22.1.2 from the remote network (172.16.100.x), but I cannot ping through the Cisco to the 172.16.4.x network behind it.
Conversely, when I am on the server network I cannot ping the remote network properly; I get a reply back from the 172.22.1.2 interface of the Cisco as:
Reply from 172.22.1.2: TTL expired in transit
(To be clearer, I can ping the remote 172.16.100.x network resources from the firewall itself (172.22.1.1).)
Ugh. And to note, the Global VPN clients work through this network OK, as they receive a 172.22.1.x address from the main firewall. They can access internal 172.16.4.x resources OK.
It's like maybe I'm trying too many hops?
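An added example, not from the original post: a small Python forwarding simulator built from the addresses above, with an assumed routing table and VPN selector chosen to reproduce the three observations (server to remote fails, ping from the firewall works, GVC clients work). It shows that a "TTL expired in transit" reply from the first hop means the packet is bouncing between two routers, not that the path has too many hops. The 172.16.0.0/16 route on the SonicWall, the 172.22.1.0/24 policy selector and the host addresses are assumptions.

```python
import ipaddress

# Constructed topology built from the addresses in the post. The routing
# tables and the VPN selector below are ASSUMPTIONS chosen to reproduce the
# reported symptoms, not the poster's actual device configuration.
SONICWALL, CISCO = "172.22.1.1", "172.22.1.2"
SERVER, REMOTE, GVC_CLIENT = "172.16.4.10", "172.16.100.20", "172.22.1.50"

# node -> [(prefix, next hop)]; "local" means directly attached.
ROUTES = {
    CISCO: [("172.22.1.0/24", "local"), ("172.16.4.0/24", "local"),
            ("0.0.0.0/0", SONICWALL)],          # everything else -> firewall
    SONICWALL: [("172.22.1.0/24", "local"),
                ("172.16.0.0/16", CISCO)],      # internal subnets -> Cisco
}
# Policy-based VPN selector (assumed): traffic enters the tunnel only when
# BOTH source and destination match; 172.22.1.0/24 is the assumed local side.
VPN = {SONICWALL: (ipaddress.ip_network("172.22.1.0/24"),
                   ipaddress.ip_network("172.16.100.0/24"))}

def lookup(node, dst):
    """Longest-prefix match in the node's table; None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES[node]
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(first_hop, src, dst):
    """Trace a packet hop by hop. Returns (outcome, node, path_of_nodes)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    node, path = first_hop, []
    while True:
        if node in path:
            # Revisiting a router for the same destination is a forwarding
            # loop: the packet bounces until its TTL reaches 0, and whichever
            # router zeroes it sends the "TTL expired in transit" reply.
            return ("loop", node, path)
        path.append(node)
        local, remote = VPN.get(node, (None, None))
        if local is not None and src_ip in local and dst_ip in remote:
            return ("vpn", node, path)
        nh = lookup(node, dst)
        if nh is None:
            return ("no-route", node, path)
        if nh == "local":
            return ("delivered", node, path)
        node = nh

if __name__ == "__main__":
    print(forward(CISCO, SERVER, REMOTE))         # server -> remote office
    print(forward(SONICWALL, SONICWALL, REMOTE))  # ping from the firewall itself
    print(forward(SONICWALL, GVC_CLIENT, SERVER)) # GVC client -> server network
```

The first trace returns a loop between 172.22.1.2 and 172.22.1.1 after only two hops, while the other two succeed, which is the pattern the symptoms above describe; confirm the real tables with `show ip route` on the Cisco and the route/VPN policy pages on the NSA before changing anything.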