
1602 Views, 0 Helpful, 3 Replies
chicagotech
Beginner

Computer connecting to SonicWall can't access the Internet via Cisco ASA

We would like to add a SonicWall behind our Cisco ASA. The SonicWall is connected to a LAN switch and uses a LAN IP address. The ASA inside IP is 10.0.0.1/16 and the SonicWall IP is 10.0.0.10/16. My laptop, with IP 10.0.119.1/16 and default gateway 10.0.0.10, can ping 10.0.0.10 and 10.0.0.1, but can't ping any public IP address or access any websites. Tracert 4.2.2.2 times out. What do I need to configure on the ASA to allow a computer using the SonicWall as its default gateway to access the Internet?

3 REPLIES
Julio Carvajal
Advisor

Hello,

 

The design you mentioned here is not properly set up. I mean, why would you do it like this (going through 2 hops when it's on the Inside of the ASA)?

I would place it entirely on a different subnet behind the SonicWall or with the Current IP but behind the ASA.

 

Imagine the following:

Computer tries to reach google.com.

The SYN packet goes to the SonicWall, then moves to the ASA and on to the Google server.

The SYN-ACK from the Google server comes back and gets to the ASA, and the ASA sees that the destination address is on the directly connected network, so it's sent directly to the client instead of going through the SonicWall.

The PC sends the ACK, and when it reaches the SonicWall, the SonicWall says "Hold on, where is the SYN-ACK for this three-way handshake?" and drops the packet.

 

Solution with the poor design: Configure NAT on the SonicWall so all traffic from that PC gets translated to the SonicWall address 10.0.0.10, so we force the returning traffic to get back to it.

 

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For immediate assistance hire us at http://i-networks.us

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
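
The asymmetric return path described in the answer above, as an added Python model that is not part of the original thread. It is a simplified simulation, not SonicWall or ASA code: the class and function names are hypothetical, the addresses 10.0.119.1 and 10.0.0.10 come from the question, and the server address is a constructed documentation address.

```python
import ipaddress

# Addresses from the thread; SERVER is a constructed documentation address.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/16")
PC, SONICWALL, SERVER = "10.0.119.1", "10.0.0.10", "203.0.113.80"


class SonicWallModel:
    """Toy stateful inspection: records which handshake packets it has seen."""

    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.seen = {}  # (client, server) -> set of TCP flags observed

    def forward_out(self, client, server, flag):
        flags = self.seen.setdefault((client, server), set())
        if flag == "ACK" and "SYN-ACK" not in flags:
            return None  # final handshake packet without the SYN-ACK: drop
        flags.add(flag)
        # With source NAT the ASA sees the SonicWall address as the sender.
        return SONICWALL if self.source_nat else client

    def forward_in(self, client, server, flag):
        self.seen[(client, server)].add(flag)


def asa_return_next_hop(dst):
    """The ASA delivers replies for on-link destinations straight to them."""
    assert ipaddress.ip_address(dst) in INSIDE_NET
    return dst


def handshake(source_nat):
    fw, log = SonicWallModel(source_nat), []
    src_seen_by_asa = fw.forward_out(PC, SERVER, "SYN")
    log.append(f"SYN leaves with source {src_seen_by_asa}")
    if asa_return_next_hop(src_seen_by_asa) == SONICWALL:
        fw.forward_in(PC, SERVER, "SYN-ACK")  # un-NAT, inspect, pass to PC
        log.append("SYN-ACK returns via SonicWall")
    else:
        log.append("SYN-ACK delivered directly to PC, bypassing SonicWall")
    ok = fw.forward_out(PC, SERVER, "ACK") is not None
    log.append("ACK forwarded" if ok else "ACK dropped by SonicWall")
    return ok, log


if __name__ == "__main__":
    for nat in (False, True):
        print(f"source NAT on SonicWall = {nat}:", *handshake(nat)[1], sep="\n  ")
```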

I should give more detail. We have two ASAs set up for failover. Some people say the SonicWall may not work when the active ASA fails and switches to the standby ASA. We would like to test it and make sure it works before we create another subnet between the ASA and the SonicWall. I will try to create NAT on the SonicWall.

Please give it a try and let me know.

 

Also remember to rate all of my answers :)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC