ASA Inside Interface

1) I have a site-to-site tunnel between an ASA 5520 and a SonicWall Pro3060
2) The tunnel is terminated on the ASA on int0/2 (dmz) and on the SonicWall on X5 (dmz)

I am able to bring the tunnel up. From the ASA to the SonicWall I am able to ping the SonicWall LAN interface and all LAN IPs, BUT from the SonicWall side I am not able to ping the ASA inside interface IP, and from the ASA I am not able to ping any LAN-side IP of the SonicWall.

Below is the network topology and attached is config.

ASA LAN>>>ASA DMZ (0/2)----L2L TUNNEL----(X5)SONICWALL DMZ<<<<SONICWALL LAN
192.168.101.1/24>>>192.168.110.6/29---TUNNEL---192.168.110.2<<<192.168.209.2/23

I am trying to set up the ASA for AAA accounting and authentication, and with PRTG to monitor. The TACACS server is on SonicWall LAN IP 192.168.209.13 and PRTG is on 192.168.209.48.

If I try to ping those two servers' IPs from the ASA, sourcing the inside interface, they do not respond.

>>>

USMR02AS01# ping inside 192.168.209.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.209.13, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
>>>>

Any help/input appreciated.

Nice Day

1 REPLY

Re: ASA Inside Interface

Hi,

The crypto map that is applied to the DMZ interface is permitting the following traffic through the tunnel:

access-list dmz1_1_cryptomap_1 extended permit ip inside 255.255.255.0 MR-LAN 255.255.254.0

In other words:

Between networks 192.168.101.0/24 and 192.168.208.0/24

So, make sure that both internal LANs have a default gateway pointing to the VPN device, or a route to the other end pointing to the VPN device.

Federico.
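
As an added illustration (not part of the original thread or the poster's configuration), the following Python sketch evaluates which source/destination pairs the crypto ACL entry quoted in the reply selects for the tunnel. The name-to-address mapping for `inside` and `MR-LAN` is an assumption taken from the network addresses given in the reply, since the attached config is not shown on the page; the function names are hypothetical.

```python
import ipaddress

# ASSUMPTION: name-to-address mappings; the attached config is not on the page.
# Values are taken from the network addresses given in the reply.
NAMES = {"inside": "192.168.101.0", "MR-LAN": "192.168.208.0"}

# Crypto ACL entry exactly as quoted in the reply.
ACL_LINE = ("access-list dmz1_1_cryptomap_1 extended permit ip "
            "inside 255.255.255.0 MR-LAN 255.255.254.0")


def parse_crypto_acl(line, names):
    """Parse 'access-list NAME extended permit ip SRC MASK DST MASK'."""
    tok = line.split()
    if len(tok) != 9 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("unsupported ACL form: " + line)
    if tok[3] != "permit" or tok[4] != "ip":
        raise ValueError("only 'permit ip' entries are handled here")

    def net(addr, mask):
        # Resolve a configured name to its address, then apply the netmask.
        return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}")

    return net(tok[5], tok[6]), net(tok[7], tok[8])


def selected(src, dst, acl):
    """True if a packet src -> dst matches the ACL and is sent into the tunnel."""
    src_net, dst_net = acl
    return (ipaddress.ip_address(src) in src_net
            and ipaddress.ip_address(dst) in dst_net)


def classify(flows, acl):
    """Map each (src, dst) flow to whether the crypto ACL selects it."""
    return {flow: selected(flow[0], flow[1], acl) for flow in flows}


# Flows built from addresses in the original post.
FLOWS = [
    ("192.168.101.1", "192.168.209.13"),  # ASA inside IP -> TACACS server
    ("192.168.101.1", "192.168.209.48"),  # ASA inside IP -> PRTG
    ("192.168.110.6", "192.168.209.13"),  # ASA DMZ IP -> TACACS server
    ("192.168.101.1", "192.168.110.2"),   # ASA inside IP -> SonicWall DMZ IP
]

if __name__ == "__main__":
    acl = parse_crypto_acl(ACL_LINE, NAMES)
    for (src, dst), hit in classify(FLOWS, acl).items():
        print(f"{src:>15} -> {dst:<15} {'tunnel' if hit else 'not selected'}")
```

Only traffic whose source and destination both fall inside the ACL's two networks is selected for the tunnel; packets sourced from the DMZ interface address are outside it.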
