Solved

networking issue between sonicwall TZ100 and ASA5505

Posted on 2013-06-25
6
287 Views
Last Modified: 2013-11-12
Sonicwall handles data network 10.0.0.0/24
ASA5505 handle voice network 10.0.1.0/24
ASA5505 IP 10.0.1.1/24  (inside)
I have configured the sonicwall x2 interface to have the IP of 10.0.1.253/24, and connected a cat5 to one of  the ports on the ASA5505 that's part of vlan1 (inside).
no special routes or acls have been done yet.
The Sonicwall  can ping all my 10.0.1.x IP's (10.0.1.253 (x2 on the sonicwall), 10.0.1.1 (asa5505), 10.0.1.107 (voip phone), etc..
But when I go to ping or browse to my phones using IE (10.0.1.107) I'm unable to ping them from the server or PC on the 10.0.0.0/24 network.
So is it a routing issue, or more of a DNS issue?
The only IP I can ping from the 10.0.0.x network is 10.0.1.253, which is the X2 interface on the sonicwall.

The goal is to be able to open IE on the server or PC that's on the 10.0.0.0/24 network, type in my voip ph IP of 10.0.1.107 and access the phones web interface.

I've also provided a simple network diagram.

thanks
Winston
network.jpg
0
Comment
Question by:spectrumIT
6 Comments
 
LVL 5

Expert Comment

by:JasonDuncanworks
Comment Utility
If you cannot ping by IP then its not a DNS issue, with SonicWALLS you have to rules to allow the traffic to go to the other subnets.

Check this see if it matches.

http://serverfault.com/questions/86325/sonicwall-route-traffic-through-specific-interface-based-on-destination
0
 
LVL 17

Expert Comment

by:lruiz52
Comment Utility
If you are not using a routing protocol, you will need to add a static route on the asa to the 10.0.0.0/24 network, you will also need some acl's
0
 
LVL 4

Expert Comment

by:iconnectu
Comment Utility
As lruiz52 write, you have to create a static roule on the ASA for the 10.0.0.0/24 Network. Otherwise the ASA will send all the traffic to the default Gateway (WAN).

If you try to ping a IP Adress, DNS is not involved. IF you try to Ping server.domain.local , you need DNS to translate den DNS name in a IP Address.

Also make sure, that the Firewall on the TZ100 is open from X2 to X0.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:spectrumIT
Comment Utility
ok, just need to clear up a few items..
I've put the 10.0.0.0/24 route into the ASA to the X2 (10.0.1.253), and I can ping everything on the 10.0.0.0/24 network from the ASA.

but I'm unable to ping from my PC or server on the 10.0.0.0/24 network to the phones on the 10.0.1.0/24 network.  The only thing I can ping is the x2 interface on the sonicwall which is 10.0.1.253.

The sonicwall wall itself can ping everything on the 10.0.1.0/24 network.

so I believe I need a route within the sonicwall - but when I talked with support they said no, and I've tried several different routes on the sonicwall and nothing as worked yet.
0
 

Accepted Solution

by:
spectrumIT earned 0 total points
Comment Utility
issue was resolved by multi homing a PC.
0
 

Author Closing Comment

by:spectrumIT
Comment Utility
n/a
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Sonicwall Web User login Redirect 9 32
L2 to EIGRP slow migration? 27 56
NSD FAIL 2 19
server plus 2 42
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now