I have a routing problem. (Cisco/sonicwalls)

I have a routing problem.

I have set up a VPN tunnel with two SonicWalls as follows:

sonicwall at remote office: 172.16.100.1

sonicwall nsa240 at main office:
internal ip 172.22.1.1
This firewall sits in front of a Cisco router which ties several subnets together, meaning the internal networks. This Cisco has an interface on the network as 172.22.1.2; the other network interfaces are 172.16.1-10.x, with the server network as 172.16.4.x in this setup.

The SonicWall tunnel works, but I can't route past this Cisco.

So, to explain it best, I can ping the Cisco 172.22.1.2 from the remote network (172.16.100.x), but I cannot ping through the Cisco to the 172.16.4.x network behind it.

Conversely, when I am on the server network I cannot ping the remote network properly; I get a reply back from the 172.22.1.2 interface of the Cisco as
Reply from 172.22.1.2: TTL expired in transit
(To be clearer, I can ping the remote 172.16.100.x network resources from the firewall itself (172.22.1.1).)

Ugh. And to note, the Global VPN clients work through this network OK, as they receive a 172.22.1.x address from the main firewall. They can access internal 172.16.4.x resources OK.

It's like maybe I'm trying too many hops?
bkellyboulderit Asked:
 
JFrederick29 Commented:
Does the "interesting traffic/encryption domain" policy on the Sonicwalls include 172.16.0.0/16 to cover the internal networks 172.16.1-10.x?
 
bkellyboulderit Author Commented:
I fixed it yesterday by adding the subnet I needed to the local networks part of the policy. Ironically, that is what you just posted, and so hey, you can have the points.
 
JFrederick29 Commented:
Thanks! And glad to hear you got it working.
Question has a verified solution.
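
An added example, not part of the thread: a small audit of one tunnel endpoint's policy against the subnets that have to cross it, which reports both the missing local network that caused this problem and the overlap a broad 172.16.0.0/16 entry would create with the remote 172.16.100.x LAN. The policy dictionary layout, the /24 masks and the "before" policy contents are assumptions; the thread gives only address prefixes.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def covered(subnet, networks):
    """True if subnet lies entirely inside one of the policy's networks."""
    return any(net(subnet).subnet_of(net(n)) for n in networks)

def audit(policy, local_subnets, remote_subnets):
    """Check one endpoint's VPN policy against the subnets that must use the tunnel.

    policy: {"local": [...], "remote": [...]} as CIDR strings (hypothetical layout).
    Returns a list of findings; an empty list means every flow is covered.
    """
    findings = []
    for s in local_subnets:
        if not covered(s, policy["local"]):
            findings.append(f"{s} missing from local networks")
    for s in remote_subnets:
        if not covered(s, policy["remote"]):
            findings.append(f"{s} missing from remote networks")
    # A local entry that overlaps a remote entry makes far-side hosts look local.
    for loc in policy["local"]:
        for rem in policy["remote"]:
            if net(loc).overlaps(net(rem)):
                findings.append(f"local {loc} overlaps remote {rem}")
    return findings

# Constructed sample data: masks are assumed, the thread shows only prefixes.
MAIN_LAN = ["172.22.1.0/24", "172.16.4.0/24"]   # firewall LAN + server network
REMOTE_LAN = ["172.16.100.0/24"]                # remote office

# Assumed state before the fix: only the firewall's own LAN was in the policy.
before_fix = {"local": ["172.22.1.0/24"], "remote": REMOTE_LAN}
# The fix described in the thread: add the needed subnet to local networks.
after_fix = {"local": ["172.22.1.0/24", "172.16.4.0/24"], "remote": REMOTE_LAN}
# A /16 entry covers 172.16.1-10.x but also contains the remote LAN.
supernet = {"local": ["172.22.1.0/24", "172.16.0.0/16"], "remote": REMOTE_LAN}

if __name__ == "__main__":
    for name, pol in [("before", before_fix), ("after", after_fix), ("/16", supernet)]:
        print(name, audit(pol, MAIN_LAN, REMOTE_LAN) or "ok")
```

Run the same audit for the remote endpoint with the local and remote lists swapped, since both ends of a site-to-site tunnel have to agree on the network pairs.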
