VPN: ASA to SonicWall

Posted on 2013-12-23
Medium Priority
Last Modified: 2014-01-06
Hey EE,

Having an issue with pinging internal LAN machines behind a Sonicwall firewall from a server behind the ASA.   I have a site to site Cisco ASA 5505 to a Sonicwall at the other end.   VPN is up and passing traffic, but on the server I can not ping the internal behind the Sonicwall.  I can ping the Sonicwall Gateway, but after that nothing on LAN side behind Sonicwall is pinging.  

ASA side:
Can ping Sonicwall gateway
But can not ping anything behind the Sonicwall.  

Any clue?
Question by:ilivegolive
  • 4
  • 2

Author Comment

ID: 39736683
Inside the Sonicwall firewall I see VPN to LAN, and LAN to VPN access allowed.  The ASA is receiving and transmitting and on the firewall, VPN is active.
LVL 10

Expert Comment

ID: 39736714
So clients from the Sonicwall side can ping the server and other clients on the ASA side?

Author Comment

ID: 39736726
Hey convergint, - forgot to mention that.  No client behind the Sonicwall can ping the server behind the ASA.  But.....the Sonicwall can ping the server.   So from the Sonicwall GUI interface tool, the server is pingable, but the LAN PCs are not able to.  The LAN PCs are plugged into a switch.  They get internet access just cant ping the server or the subnet the server lives on.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

LVL 10

Accepted Solution

convergint earned 1500 total points
ID: 39736733
It sounds like the NAT routing is not setup properly on the ASA.  The Sonicwalls will automatically add a route to the VPN connections but the ASA's do not.

Author Comment

ID: 39738456
Hey convergint -

The current ACL is

access-list CUSTOMER extended permit ip

Traffic is being received and sent.  I was figuring it could be something up with the Sonicwall as the ASA can ping the Sonicwall and the Sonicwall can ping the ASA. is where the server lives behind the ASA. the LAN behind the Sonciwall with .1 being the gateway.

Author Comment

ID: 39759429
This has been resolved.  Rebuilt the tunnel on the ASA.  Traffic is passing through to the LAN behind the Sonicwall now.  Not sure to sure what happened.  Before I rebuilt the tunnel, i saw traffic passing just fine.  But the interesting part is, the traffic that was passing was very small.  But after I rebuilt the tunnel, the traffic received and sent was very large.  Thanks convergint, i feel it could have been something goofed with the Access List / NAT

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Watch the video to know the simple way to remove or recover or reset lost or forgotten passwords of Outlook PST file. With Kernel Outlook Password Recovery tool such operation is very easy to perform. It is a freeware with limitation to use with 500…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question