Just a curiosity:
Despite the fact that the two LANs at the VPN ends are reachable from each other, why do I get this from show crypto sessions?
Interface: Vlan2
Session status: DOWN
Peer: <Sonicwall-IP> port 500
IPSEC FLOW: permit ip 172.16.1.0/255.255.255.0 192.168.0.0/255.255.0.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: deny ip 172.16.1.0/255.255.255.0 192.168.1.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 172.16.1.0/255.255.255.0 192.168.100.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: deny ip 172.16.1.0/255.255.255.0 192.168.192.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: deny ip 172.16.1.0/255.255.255.0 192.168.0.0/255.255.255.0
Active SAs: 0, origin: crypto map
Interface: Vlan2
Session status: UP-ACTIVE
Peer: <Sonicwall-WAN-IP> port 4500
IKE SA: local <Cisco-WAN-IP>/4500 remote <Sonicwall-WAN-IP>/4500 Active
IPSEC FLOW: permit ip 172.16.1.0/255.255.255.0 192.168.210.0/255.255.255.0
Active SAs: 2, origin: crypto map
(the rules above come from the crypto map access-list)
Why are there two sessions (port 500 and port 4500), and why is only the second one active?