L2L vpn ASA 5510 8.0 one way traffic

Aug 13th, 2010

Very old problem. The tunnel comes up and I am able to ping and connect to any host from the ASA inside network to the Sonicwall inside network, but I am not able to connect to any host from the Sonicwall network to the ASA inside network. Even ping is not working. I know I see many geeks around who should solve this pretty quickly.

Sonicwall Pro3060

Outside: 4.2.2.1

Inside: 192.168.208.0/24

ASA

Outside: 4.2.2.2

Inside: 192.168.98.0/24

Attached is the configuration for the ASA.

Thanks in Advance.

Richard Burts Fri, 08/13/2010 - 10:11

It is possible that there is more than one problem. But the first issue that I notice is the access list applied to your outside interface:

access-list inbound extended permit icmp any any echo-reply
access-list inbound extended permit icmp any any unreachable
access-list inbound extended permit icmp any any time-exceeded

!

access-group inbound in interface outside

With this access list I wonder that the tunnel comes up. And since it permits echo-reply but does not permit echo, then it would allow the network at the peer to respond to ping but not allow them to initiate ping.

Fix the issue with the access list and then let us know what happens.

HTH

Rick
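
The asymmetry described in the reply above, as an added example that is not part of the original thread: a simplified first-match evaluator run over the three ACL entries quoted in the post. The function names are hypothetical, and the model covers only ACL matching with the implicit deny, not the ASA's VPN handling.

```python
# Added example: first-match evaluation of the ICMP ACL quoted above.
# Simplified model (assumption): only "permit|deny PROTO any any [type]" lines
# are parsed; anything unmatched hits the implicit deny at the end of the ACL.

ACL_TEXT = """\
access-list inbound extended permit icmp any any echo-reply
access-list inbound extended permit icmp any any unreachable
access-list inbound extended permit icmp any any time-exceeded
"""

def parse_acl(text):
    """Return a list of (action, protocol, icmp_type or None) rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        # Expected shape: access-list NAME extended ACTION PROTO any any [TYPE]
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        if tok[5] != "any" or tok[6] != "any":
            raise ValueError("only 'any any' entries are modelled: " + line)
        icmp_type = tok[7] if len(tok) > 7 else None
        rules.append((tok[3], tok[4], icmp_type))
    return rules

def evaluate(rules, protocol, icmp_type=None):
    """First matching rule wins; no match means implicit deny."""
    for action, rule_proto, rule_type in rules:
        if rule_proto not in (protocol, "ip"):
            continue
        if rule_type is not None and rule_type != icmp_type:
            continue
        return action
    return "deny"

def ping_directions(rules):
    """What the ACL does to each half of a ping arriving on the interface."""
    return {
        # Peer initiates: its echo request arrives inbound.
        "peer_initiated_echo": evaluate(rules, "icmp", "echo"),
        # Local host initiates: the peer's echo-reply arrives inbound.
        "reply_to_local_ping": evaluate(rules, "icmp", "echo-reply"),
    }

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    for name, verdict in ping_directions(rules).items():
        print(f"{name}: {verdict}")
    print("tcp:", evaluate(rules, "tcp"))
```
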

netimp101 Fri, 08/13/2010 - 12:58

Hey Richard,

That was a good catch. The tunnel was down due to those access lists. It was not working at all.

I had reset it to default and reconfigured the ASA; the tunnel is back up and now I am able to ping devices at both ends.

The only problem I am facing now is that I am not able to ping the inside interface IP of the ASA, which is 192.168.98.2. I am able to ping any device behind the inside interface.

Find attached current config.
