
New Member

VPN Traffic Issue - Different Default Gateways


I'm running 8.0.4 on two ASAs in active/passive mode with client-to-site IPSEC and SSL VPN tunneling active. This issue occurs whether I connect via IPSEC or SSLVPN.

I have a variety of machines pointing to the ASAs as their default gateway, which work fine using RDP or any other type of connection from the VPN clients. Other servers point to a Sonicwall firewall as their default gateway, which has a route to the ASAs for the network the VPN clients sit on.

The ICMP redirect seems to work correctly, as I see a route entry for the VPN client (pointing to the ASAs) in the route tables of the servers that use the Sonicwalls as their default gateway.

From the VPN client, I can ping ALL servers but cannot connect via RDP or any other method to the servers using the Sonicwall. I fired up a sniffer and see a RST coming from the clients back to the server, and I'm not sure why. This is what Wireshark shows:

Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set

Any ideas as to the cause?



New Member

Re: VPN Traffic Issue - Different Default Gateways

If you move the DG of a server to the ASA, can you RDP in then? That may help rule out the ASA as the problem. It sounds like the traffic is coming in the ASA and trying to go out the Sonicwall. A workaround solution may be to add a route statement to the server stating that the remote VPN client network IP scheme can be found at the ASA: cmd - route add [networkIP] mask [subnetmask] [ASAIPAddress]. I.e. route add mask a command prompt. If this resolves the issue then the problem is in the Sonicwall. Please rate if this helps.
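The Wireshark note quoted in the question ("the acknowledge field is nonzero while the ACK flag is not set") is a simple header-level check that can be reproduced offline when reviewing a capture. The script below is an added example, not code from the original thread or from Cisco: it builds two constructed 20-byte TCP headers (a RST from a hypothetical VPN client 51000 back to a server's RDP port 3389, with a nonzero acknowledgment number but no ACK flag, and a normal RST/ACK), parses them, and applies the same rule Wireshark uses. The port numbers and sequence values are made up for illustration; no real traffic is involved.

```python
import struct

# TCP flag bits (low nine bits of the data-offset/flags field)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

TCP_HDR = "!HHIIHHHH"  # src, dst, seq, ack, offset+flags, window, checksum, urgent


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=8192):
    """Build a minimal 20-byte TCP header (no options, checksum left zero).

    Used only to construct sample segments for this example.
    """
    offset_flags = (5 << 12) | (flags & 0x1FF)  # 5 x 32-bit words, no options
    return struct.pack(TCP_HDR, src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Parse the fixed part of a TCP header into a dict of fields."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, offset_flags, win, _csum, _urg = struct.unpack(TCP_HDR, raw[:20])
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "flags": offset_flags & 0x1FF,
        "header_len": (offset_flags >> 12) * 4,
        "window": win,
    }


def flag_names(flags):
    """Human-readable flag list, e.g. ['RST', 'ACK']."""
    table = ((FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"))
    return [name for bit, name in table if flags & bit]


def check_segment(hdr):
    """Return analysis notes for one parsed header.

    Mirrors Wireshark's 'Broken TCP' expert info: the acknowledgment number
    only has meaning when the ACK flag is set, so a nonzero value without
    the flag points at a stack or middlebox that rewrote the segment.
    """
    notes = []
    if hdr["ack"] != 0 and not hdr["flags"] & ACK:
        notes.append("Broken TCP: acknowledgment field is nonzero "
                     "while the ACK flag is not set")
    return notes


def summarize(raw):
    """One-line summary plus notes, the way a capture review would list it."""
    hdr = parse_tcp_header(raw)
    line = "%d -> %d [%s] seq=%d ack=%d" % (
        hdr["src_port"], hdr["dst_port"], "|".join(flag_names(hdr["flags"])),
        hdr["seq"], hdr["ack"])
    return line, check_segment(hdr)


# Constructed sample segments (not taken from any real capture):
# 1. RST from the client towards the server's RDP port, ack set but no ACK flag
BROKEN_RST = build_tcp_header(51000, 3389, seq=1000, ack=2001, flags=RST)
# 2. A well-formed RST/ACK for comparison
NORMAL_RST_ACK = build_tcp_header(51000, 3389, seq=1000, ack=2001, flags=RST | ACK)


if __name__ == "__main__":
    for raw in (BROKEN_RST, NORMAL_RST_ACK):
        line, notes = summarize(raw)
        print(line)
        for n in notes:
            print("   ", n)
```

Running the script prints the two segments with their flags; only the first one carries the "Broken TCP" note. When the same check is applied to every segment of a real capture, a run of RSTs that all trigger it on one path but not another is a quick way to confirm that the two paths are being handled by different stacks or devices, which is what the different default gateways in this thread would suggest.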
