07-17-2013 11:54 AM
Hi Everyone,
I'm not much of a Cisco person as my company deals exclusively with SonicWall. Anywho, I have a client who happens to have an ASA 5510 and I'm attempting to set up a Site to Site VPN connection between the 2. On the SonicWall side there are 2 subnets that need to go across the VPN, and while the SonicWall says that both connections have been established, I cannot get traffic to pass on the second subnet.
I've verified the VPN works to another SonicWall client of mine and contacted SonicWall, who said it's not their issue and we cannot help you with Cisco, so I'm hoping someone here may be able to point me in the right direction.
Setup is as follows:
SonicWall NSA 220
Subnet 1 - 192.168.0.0
Subnet 2 - 192.168.20.0
Cisco ASA 5510
Subnet 192.168.75.0
Site to Site VPN
192.168.0.0 < - > 192.168.75.0 works fine, traffic passes
192.168.20.0 < - > 192.168.75.0 no traffic passes in either direction
I've included a running-config if that helps.
07-17-2013 01:33 PM
I can see the interesting traffic below is configured. Can you capture the packets as shown below?
access-list outside_cryptomap extended permit ip 192.168.75.0 255.255.255.0 object-group DM_INLINE_NETWORK_3
object-group network DM_INLINE_NETWORK_3
group-object 192.168.0.0
network-object object 192.168.20.0
Set capture:
Generate the traffic from the SonicWall end site to the ASA, hitting the 192.168.20.0 subnet.
Please rate the helpful posts.
Regards,
Sreekanth
07-17-2013 01:44 PM
Nothing shows up in the packet tracking for the 192.168.20.x subnet.
07-17-2013 02:18 PM
Please post the following:
show crypto ipsec sa peer 5.5.5.5
sh vpn-sessiondb
packet-tracer input inside ip 192.168.75.10 192.168.20.10
Format of the above packet-tracer command:
packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port
Regards,
Srikanth