ASA Inside Interface

Unanswered Question
Apr 15th, 2010

1) I have a site-to-site tunnel between an ASA 5520 and a SonicWall Pro3060.
2) The tunnel is terminated on the ASA on int0/2 (dmz) and on the SonicWall on X5 (dmz).

I am able to bring the tunnel up. From the ASA to the SonicWall I am able to ping the SonicWall LAN interface and all LAN IPs, BUT from the SonicWall side I am not able to ping the ASA inside interface IP, and from the ASA I am not able to ping any LAN-side IP of the SonicWall.

Below is the network topology, and the config is attached.

ASA LAN>>>ASA DMZ (0/2)----L2L TUNNEL----(X5)SONICWALL DMZ<<<<SONICWALL LAN
192.168.101.1/24>>>192.168.110.6/29---TUNNEL---192.168.110.2<<<192.168.209.2/23

I am trying to set up the ASA for AAA accounting and authentication, and with PRTG for monitoring. The TACACS server is on the SonicWall LAN at IP 192.168.209.13 and PRTG is at 192.168.209.48.

If I try to ping those two servers' IPs from the ASA, sourcing from the inside interface, it is not responding.

>>>

USMR02AS01# ping inside 192.168.209.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.209.13, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
>>>>

Any help/input appreciated.

Nice Day

Federico Coto F... Thu, 04/15/2010 - 13:33

Hi,


The crypto map that is applied to the DMZ interface is permitting the following traffic through the tunnel:


access-list dmz1_1_cryptomap_1 extended permit ip inside 255.255.255.0 MR-LAN 255.255.254.0


In other words:

Between networks 192.168.101.0/24 and 192.168.208.0/24


So, make sure that both internal LANs have a default gateway pointing to the VPN device, or a route to the other end pointing to the VPN device.


Federico.
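
To check which flows the crypto ACL quoted in the reply above actually selects, the following added example (not code from the thread or from the attached config) parses that ACL line and tests addresses mentioned in the question. The mappings for the names `inside` and `MR-LAN` are assumptions based on the network addresses named in the reply; the masks come from the ACL line itself.

```python
import ipaddress

# Assumption: the attached config is not shown in the thread, so these name
# mappings use the network addresses named in the reply.
NAMES = {"inside": "192.168.101.0", "MR-LAN": "192.168.208.0"}

ACL_LINE = ("access-list dmz1_1_cryptomap_1 extended permit ip "
            "inside 255.255.255.0 MR-LAN 255.255.254.0")


def parse_crypto_acl(line, names=NAMES):
    """Parse 'access-list NAME extended permit ip SRC MASK DST MASK'."""
    tok = line.split()
    if len(tok) != 9 or tok[0] != "access-list" or tok[2:5] != ["extended", "permit", "ip"]:
        raise ValueError(f"unsupported ACL entry: {line!r}")

    def net(addr, mask):
        # Resolve a configured name to its address, then apply the netmask.
        return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}")

    return net(tok[5], tok[6]), net(tok[7], tok[8])


def is_interesting(src_ip, dst_ip, local_net, remote_net):
    """True if a packet from src_ip to dst_ip matches the crypto ACL."""
    return (ipaddress.ip_address(src_ip) in local_net
            and ipaddress.ip_address(dst_ip) in remote_net)


def peer_selectors(local_net, remote_net):
    """Selectors the remote peer needs: the mirror image of this ACL."""
    return remote_net, local_net


if __name__ == "__main__":
    local, remote = parse_crypto_acl(ACL_LINE)
    print("local:", local, "remote:", remote)
    # Constructed test flows using addresses from the question.
    flows = [
        ("192.168.101.1", "192.168.209.13"),  # inside interface -> TACACS server
        ("192.168.101.1", "192.168.209.48"),  # inside interface -> PRTG
        ("192.168.110.6", "192.168.209.13"),  # DMZ interface -> TACACS server
    ]
    for src, dst in flows:
        verdict = "encrypted" if is_interesting(src, dst, local, remote) else "not matched"
        print(f"{src} -> {dst}: {verdict}")
```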
