Cisco ASA 5510 to SonicWall NSA 220 VPN

Adam Creig · ‎07-17-2013

Hi Everyone,

I'm not much of a cisco person as my company deals exclusively with SonicWall, anywho, I have a client who happens to have an ASA 5510 and I'm attempting to setup a Site to Site VPN connection between the 2. On the SonicWall side there are 2 subnets that need to go across the VPN and while the SonicWall says that both connections have been established I cannot get traffic to pass on the second subnet.

I've verified the VPN works to another SonicWall client of mine and contacted SonicWall who said it's not their issue and we cannot help you with Cisco, so I'm hoping someone here may be able to point me in the right direction

Setup is as follows

SonicWall NSA 220

Subnet 1 - 192.168.0.0

Subnet 2 - 192.168.20.0

Cisco ASA 5510

Subnet 192.168.75.0

Site to Site VPN

192.168.0.0 < - > 192.168.75.0 works fine, traffic passes

192.168.20.0 < - > 192.168.75.0 no traffic passes in either direction

I've included a running-config if that helps

srikanth ath · ‎07-17-2013

I could see below Interesting traffic configured. Can you capture the packets as like below.

access-list outside_cryptomap extended permit ip 192.168.75.0 255.255.255.0 object-group DM_INLINE_NETWORK_3

object-group network DM_INLINE_NETWORK_3
group-object 192.168.0.0
network-object object 192.168.20.0

Set caputre :
cisco#capture cap_in interface inside access-list outside_cryptomap

Generate the traffic from sonicwall end site to asa on hitting 192.168.20.0 subnet.

cisco#Sh capture cap_in

Please rate the helpfull posts.

Regards,

Sreekanth

Adam Creig · ‎07-17-2013

Nothing shows up in the packet tracking for the 192.168.20.x subnet

srikanth ath · ‎07-17-2013

Please post the following

show crypto ipsec sa peer 5.5.5.5".

Sh vpn-session db

packet-tracer input inside ip 192.168.75.10 192.168.20.10

above Packet tracer command Format

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port

Regards,

Srikanth