Cisco ASA 5505 site-to-site to Sonicwall Hub and Spoke, No Internet Locally

guy.maxwell
Level 1

Here is my setup:

I have a SonicWall set up as the hub where all the VPNs connect to. I have a new Cisco ASA 5505 connected to the SonicWall with no problem. The tunnel works great. But there is no internet access going out of the same Cisco ASA firewall. I want the internet to go out of the ASA. I tried several things but they didn't work. And all the documents I've been reading don't seem to cover what I want.

Just to make it more clear. Right now I have the SonicWall as the hub in Miami. In Chicago, I have the Cisco ASA. I want the Chicago people to be able to access the internet via their ASA and also, of course, be able to access the servers down in Miami like they can now.

I tried split tunnel but it doesn't seem to work. I have a feeling I'm missing something so simple. Can anyone help? This is in a testing environment. Thanks.

1 Accepted Solution

whisperwind
Level 1

You have created an ACL entitled pixtosw that defines the traffic to be sent over the VPN tunnel to your SonicWall.

Your internal LAN is 192.168.222.x/24.

The first line says any packet sourced from 192.168.222.x with a destination IP address of 192.168.40.x goes through the tunnel:

access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 192.168.40.0 255.255.255.0

The second line says any packet with a source IP address of 192.168.222.x and a destination of any place goes over the tunnel:

access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 any

Take the second line out and see what happens.

A couple of suggestions on your other ACLs:

access-list outside_access_in extended permit ip any any

Delete the outside_access_in ACL, as you are telling the ASA to allow EVERYTHING into your internal network. Not good.

access-list inside_access_out extended permit ip any any

By default any connection originating on the inside of your ASA will be permitted out, thus this ACL is not needed.

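As an added example (not code from this thread, and not Cisco's): a small Python checker that parses access-list lines in the form quoted above, evaluates the crypto ACL top-down with first match winning (which is how the ASA selects traffic for the tunnel), and flags the two patterns the answer warns about. The config text, the "fixed" variant with the second pixtosw line removed, the 203.0.113.10 "internet" address and all function names are constructed for this example; only `ip` entries with `any`, `host` or network/mask addresses are handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed input: the four ACL lines from the thread, as the poster had them.
ORIGINAL_CONFIG = """
access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 any
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
"""

# Constructed "after" state: second pixtosw line and both any/any ACLs removed.
FIXED_CONFIG = """
access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 192.168.40.0 255.255.255.0
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class AclEntry:
    name: str                      # ACL name, e.g. "pixtosw"
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume 'any', 'host A.B.C.D' or 'NETWORK MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(config_text: str) -> List[AclEntry]:
    """Parse 'access-list NAME extended permit|deny ip SRC DST' lines; anything else is skipped."""
    entries = []
    for line in config_text.splitlines():
        tokens = line.split()
        if (len(tokens) < 7 or tokens[0] != "access-list"
                or tokens[2] != "extended" or tokens[4] != "ip"):
            continue
        src, i = _parse_addr(tokens, 5)
        dst, _ = _parse_addr(tokens, i)
        entries.append(AclEntry(tokens[1], tokens[3], src, dst))
    return entries


def tunnel_decision(crypto_entries: List[AclEntry], src_ip: str, dst_ip: str) -> str:
    """Top-down, first-match evaluation of a crypto ACL: 'tunnel' on a permit hit, else 'clear'."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in crypto_entries:
        if s in e.src and d in e.dst:
            return "tunnel" if e.action == "permit" else "clear"
    return "clear"


def audit(entries: List[AclEntry], crypto_acls: Set[str]) -> List[Tuple[str, str]]:
    """Flag a crypto-ACL permit whose destination is 'any' (defeats split tunnelling) and
    'permit ip any any' on a non-crypto (interface) ACL (allows everything through)."""
    findings = []
    for e in entries:
        if e.action != "permit":
            continue
        if e.name in crypto_acls and e.dst == ANY:
            findings.append((e.name, "crypto ACL permits to any: all traffic is forced into the tunnel"))
        elif e.name not in crypto_acls and e.src == ANY and e.dst == ANY:
            findings.append((e.name, "permit ip any any: allows all traffic through this interface"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL_CONFIG), ("fixed", FIXED_CONFIG)):
        entries = parse_acl(cfg)
        crypto = [e for e in entries if e.name == "pixtosw"]
        print(f"[{label}] 192.168.222.10 -> 192.168.40.5 :",
              tunnel_decision(crypto, "192.168.222.10", "192.168.40.5"))
        print(f"[{label}] 192.168.222.10 -> 203.0.113.10:",
              tunnel_decision(crypto, "192.168.222.10", "203.0.113.10"))
        for name, msg in audit(entries, {"pixtosw"}):
            print(f"[{label}] FINDING {name}: {msg}")
```

Running it shows the symptom from the question: with the original ACL, traffic to the "internet" address is classified as tunnel traffic just like traffic to the Miami LAN, so nothing leaves the ASA's outside interface in the clear; with the second line removed only 192.168.40.0/24 is tunnelled. The audit also lists the two any/any ACLs the answer recommends removing.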

3 Replies


Thanks a lot whisperwind. I was going to get rid of those other ACLs. It was just me going crazy and trying anything. I didn't see that second line though with the any. I believe I was following an article and they had me put that in there. But now it's all good. Thanks once again.

Glad it helped Guy, and you're not the first to miss a line of code...

Have a nice weekend
