Solved

VPN: ASA to SonicWall

Posted on 2013-12-23
6
550 Views
Last Modified: 2014-01-06
Hey EE,

Having an issue with pinging internal LAN machines behind a Sonicwall firewall from a server behind the ASA.   I have a site to site Cisco ASA 5505 to a Sonicwall at the other end.   VPN is up and passing traffic, but on the server I can not ping the internal behind the Sonicwall.  I can ping the Sonicwall Gateway 192.168.1.1, but after that nothing on LAN side behind Sonicwall is pinging.  

ASA side:
Can ping Sonicwall gateway 192.168.1.1
But can not ping anything behind the Sonicwall.  

Any clue?
0
Comment
Question by:ilivegolive
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 

Author Comment

by:ilivegolive
ID: 39736683
Inside the Sonicwall firewall I see VPN to LAN, and LAN to VPN access allowed.  The ASA is receiving and transmitting and on the firewall, VPN is active.
0
 
LVL 10

Expert Comment

by:convergint
ID: 39736714
So clients from the Sonicwall side can ping the server and other clients on the ASA side?
0
 

Author Comment

by:ilivegolive
ID: 39736726
Hey convergint, - forgot to mention that.  No client behind the Sonicwall can ping the server behind the ASA.  But.....the Sonicwall can ping the server.   So from the Sonicwall GUI interface tool, the server is pingable, but the LAN PCs are not able to.  The LAN PCs are plugged into a switch.  They get internet access just cant ping the server or the subnet the server lives on.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 10

Accepted Solution

by:
convergint earned 500 total points
ID: 39736733
It sounds like the NAT routing is not setup properly on the ASA.  The Sonicwalls will automatically add a route to the VPN connections but the ASA's do not.
0
 

Author Comment

by:ilivegolive
ID: 39738456
Hey convergint -

The current ACL is

access-list CUSTOMER extended permit ip 10.15.213.87 255.255.255.224 192.168.1.0 255.255.255.0

Traffic is being received and sent.  I was figuring it could be something up with the Sonicwall as the ASA can ping the Sonicwall and the Sonicwall can ping the ASA.

10.15.213.87 is where the server lives behind the ASA.  192.168.1.0 the LAN behind the Sonciwall with .1 being the gateway.
0
 

Author Comment

by:ilivegolive
ID: 39759429
This has been resolved.  Rebuilt the tunnel on the ASA.  Traffic is passing through to the LAN behind the Sonicwall now.  Not sure to sure what happened.  Before I rebuilt the tunnel, i saw traffic passing just fine.  But the interesting part is, the traffic that was passing was very small.  But after I rebuilt the tunnel, the traffic received and sent was very large.  Thanks convergint, i feel it could have been something goofed with the Access List / NAT
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question