L2L vpn ASA 5510 8.0 one way traffic

Unanswered Question
Aug 13th, 2010

Very old problem. The tunnel comes up and I am able to ping and connect to any host from the ASA inside network to the Sonicwall inside network, but I am not able to connect to any host from the Sonicwall network to the ASA inside network. Ping is not even working. I know I see many geeks around who should solve this pretty quickly.

Sonicwall Pro3060






Attached is the configuration for the ASA.

Thanks in Advance.

Richard Burts Fri, 08/13/2010 - 10:11

It is possible that there is more than one problem. But the first issue that I notice is the access list applied to your outside interface:

access-list inbound extended permit icmp any any echo-reply
access-list inbound extended permit icmp any any unreachable
access-list inbound extended permit icmp any any time-exceeded


access-group inbound in interface outside

With this access list I wonder that the tunnel comes up. And since it permits echo-reply but does not permit echo, then it would allow the network at the peer to respond to ping but not allow them to initiate ping.

Fix the issue with the access list and then let us know what happens.



netimp101 Fri, 08/13/2010 - 12:58

Hey Richard,

That was a good catch. The tunnel was down due to those access lists. It was not working at all.

I had reset it to default and reconfigured the ASA; the tunnel is back up and now I am able to ping devices at both ends.

The only problem I am facing now is that I am not able to ping the inside interface IP of the ASA; that is, I am able to ping any device behind the inside interface.

Find attached current config.

