• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 454
  • Last Modified:

I have a routing problem. (Cisco/sonicwalls)

I have a routing problem.

I have setup a VPN tunnel with two sonicwalls as follows:

sonicwall at remote office:

sonicwall nsa240 at main office:
internal ip
This firewall site in front of a cisco router which ties several subnets together, meaning the internal networks. This cisco has an interface on the network as the other network interfaces are 172.16.1-10.x, with the server network as 172.16.4.x in this setup.

The sonicwall tunnel works, but I can't route past this cisco.

So, to explain it best, I can ping the cisco from the remote network (172.16.100.x), but I cannot ping through the cisco to the 172.16.4.x network behind it.

Conversely, when I am on the server network I cannot ping the remote network properly, I get a reply back from the interface of the cisco as
Reply from TTL expired in transit
(To be clearer I can ping the remote 172.16.100.x network resources from the firewall itself (

Ugh. And to note, the global vpn clients work through this network ok, as they receive a 172.22.1.x address from the main firewall. They can access internal 172.16.4.x resources ok.

It's like maybe I'm trying to many hops?
  • 2
1 Solution
Does the "interesting traffic/encryption domain" policy on the Sonicwalls include to cover the internal networks 172.16.1-10.x?
bkellyboulderitAuthor Commented:
I fixed it yesterday by adding the subnet I needed to the local networks part of the policy. Ironically, that is what you just posted, and so hey, you can have the points.
Thanks! and glad to hear you got it working.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now