SonicWALL VPN to Cisco ASA
On the Cisco side there are two subnets (172.16.0.16/29 and 10.0.0.0/22)
On the SonicWALL side there are two subnets (192.168.0.0/24 and 10.0.0.0/24)
Three subnets total - 18.104.22.168/29 - 192.168.0.0/24 - 10.0.0.0/22 and /24
Without using NAT in the policy the Cisco side is able to ping 192.168.0.1 (remote gateway). The SonicWALL side is able to ping 172.16.0.17 (remote gateway of subnet 1) but cannot ping 10.0.0.254 (remote gateway of subnet 2) because the SonicWALL is also managing the same subnet locally.
I know when you try to set up a VPN where the subnets on both sides match (in this case 10.0.0.0) you need to use NAT tables, but how do you set up a VPN where you link multiple networks where only one subnet overlaps?
Local 10.0.0.0/24 --> NAT 10.100.0.0/24
Remote 10.0.0.0/22 --> NAT 10.200.0.0/22
The problem is (at least on my SonicWALL side) that the NAT is either on or off for the policy, and the subnets are grouped and cannot be specified individually in a single policy. I specify the X0 Subnet (192.168.0.0/24) as my local network, and an address group object that includes both encrypted domains (172.16.0.16/29 & 10.200.0.0/22). Only the 10.200.0.0/22 subnet is NATed, though.
I theorized that I could specify 172.18.0.16/29 on the SonicWALL and have the Cisco ASA side 172.18.0.29 --> NAT 172.16.0.16/29.
In reverse I would suspect that the Cisco ASA must also do the same for the 192.168.0.0/24 network or can you mix NAT and non-NAT encrypted domains?
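For the ASA side of the arrangement described in the question (172.16.0.16/29 untranslated, 10.0.0.0/22 presented to the SonicWALL as 10.200.0.0/22, SonicWALL local network 192.168.0.0/24), this is an added configuration example, not something from the post or from either vendor's documentation. It assumes ASA 8.3 or later twice-NAT syntax with "inside" and "outside" interface names; the object names are hypothetical.

```cisco
! Added example (not from the post). Addresses are those given in the question;
! object and interface names are assumed.
object network ASA_LAN_172
 subnet 172.16.0.16 255.255.255.248
object network ASA_LAN_10
 subnet 10.0.0.0 255.255.252.0
object network ASA_LAN_10_NAT
 subnet 10.200.0.0 255.255.252.0
object network SW_LAN_192
 subnet 192.168.0.0 255.255.255.0
!
! Identity (no-NAT) rule for the non-overlapping pair: 172.16.0.16/29 reaches
! 192.168.0.0/24 with its real addresses. no-proxy-arp and route-lookup keep the
! identity rule from interfering with normal routing on the inside interface.
nat (inside,outside) source static ASA_LAN_172 ASA_LAN_172 destination static SW_LAN_192 SW_LAN_192 no-proxy-arp route-lookup
!
! Twice-NAT rule for the overlapping pair: when 10.0.0.0/22 talks to 192.168.0.0/24
! it is translated to 10.200.0.0/22, so the SonicWALL never sees the real 10.0.0.0/22.
! Each manual NAT rule is matched on its own source/destination pair, which is what
! lets a translated and an untranslated network share one tunnel.
nat (inside,outside) source static ASA_LAN_10 ASA_LAN_10_NAT destination static SW_LAN_192 SW_LAN_192
!
! Crypto ACL (proxy IDs) must use the post-NAT addresses so that they match the
! SonicWALL's address group of 172.16.0.16/29 and 10.200.0.0/22.
access-list VPN_TO_SONICWALL extended permit ip object ASA_LAN_172 object SW_LAN_192
access-list VPN_TO_SONICWALL extended permit ip object ASA_LAN_10_NAT object SW_LAN_192
```

Verify the translation with "packet-tracer input inside icmp 10.0.0.10 8 0 192.168.0.1" on the ASA: the NAT phase should show the source rewritten into 10.200.0.0/22 and the VPN phase should match the crypto ACL.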