I am setting up a site-to-site VPN between a SonicWALL NSA2400 and a Cisco ASA5505. I am in a test lab with a simple setup:
"Server" computer with IP address 22.214.171.124/24, connected to NSA2400 on its LAN interface, IP address 126.96.36.199/24
NSA2400 WAN interface has IP address 188.8.131.52/24, and is connected through a switch to ASA5505 port 0 ("outside"), vlan2, IP address 184.108.40.206/24.
"Client" computer with IP address 220.127.116.11/24, connected to ASA5505 port 1 ("inside"), vlan1, IP address 18.104.22.168/24.
I have never configured Cisco devices, and the reason I am playing with the ASA5505 is the the SonicWALLs are causing a problem that the Ciscos seem to resolve. So my lack of experience will certainly show in the question:
I have used the ASCM Startup Wizard to configure the "inside" and "outside" interfaces.
I have used the IPsec VPN Wizard to configure the VPN tunnel, and it does come up.
I am missing some internal routing, though, and am having trouble finding documentation on how to fix this: I need for the Client and Server computers to see each other
If I ping from the Server (NSA2400) to the Client (ASA5505), it doesn't work (Request timed out), and the ASA5505 gives me the following messages:
Built inbound ICMP connection for faddr 22.214.171.124/1 gaddr 126.96.36.199/0 laddr 188.8.131.52/0
Teardown ICMP connection for faddr 184.108.40.206/1 gaddr 220.127.116.11/0 laddr 18.104.22.168/0
If I ping from the Client to the Server, it also doesn't work, and the ASA5505 gives me the following message:
Failed to locate egress interface for ICMP from inside: 22.214.171.124/1 to 126.96.36.199/0
what puzzles me is that in the "Connection profile" for the VPN, I have specified that the Local Network is the 188.8.131.52/24, and the Remote Network is the 184.108.40.206/24, which I would expect to be enough to tell the ASA5505 to associate the two. But 2.1 above seems to indicate that I am missing some routing...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :