Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA 5510 to SonicWall NSA 220 VPN

Hi Everyone,

I'm not much of a cisco person as my company deals exclusively with SonicWall, anywho, I have a client who happens to have an ASA 5510 and I'm attempting to setup a Site to Site VPN connection between the 2. On the SonicWall side there are 2 subnets that need to go across the VPN and while the SonicWall says that both connections have been established I cannot get traffic to pass on the second subnet.

I've verified the VPN works to another SonicWall client of mine and contacted SonicWall who said it's not their issue and we cannot help you with Cisco, so I'm hoping someone here may be able to point me in the right direction

Setup is as follows

SonicWall NSA 220

Subnet 1 - 192.168.0.0

Subnet 2 - 192.168.20.0

Cisco ASA 5510

Subnet 192.168.75.0

Site to Site VPN

192.168.0.0 < - > 192.168.75.0 works fine, traffic passes

192.168.20.0 < - > 192.168.75.0 no traffic passes in either direction

I've included a running-config if that helps

Everyone's tags (3)
3 REPLIES
New Member

Cisco ASA 5510 to SonicWall NSA 220 VPN

I could see below Interesting traffic configured. Can you capture the packets as like  below.

access-list outside_cryptomap extended permit ip 192.168.75.0 255.255.255.0 object-group DM_INLINE_NETWORK_3

object-group network DM_INLINE_NETWORK_3
group-object 192.168.0.0
network-object object 192.168.20.0

Set caputre :
cisco#capture cap_in interface inside access-list outside_cryptomap

Generate the traffic from sonicwall end site to asa on hitting 192.168.20.0 subnet.


cisco#Sh capture cap_in

Please rate the helpfull posts.

Regards,

Sreekanth

New Member

Cisco ASA 5510 to SonicWall NSA 220 VPN

Nothing shows up in the packet tracking for the 192.168.20.x subnet

New Member

Cisco ASA 5510 to SonicWall NSA 220 VPN

Please post the following

show crypto ipsec sa peer 5.5.5.5". 

Sh vpn-session db


packet-tracer input inside ip 192.168.75.10 192.168.20.10

above Packet tracer command Format

packet-tracer input [src_int] protocol src_addr src_port dest_addr  dest_port

Regards,

Srikanth

1384
Views
0
Helpful
3
Replies
CreatePlease to create content