Site to Site VPN between ASA5510 and Sonicwall TZ200

bgozem001
Level 1

Hi,

I have set up a site-to-site VPN between a Cisco ASA5510 and a Sonicwall TZ200. The tunnel established successfully, but there is no traffic crossing the tunnel. Everything is OK on the Sonicwall side, but the ASA is somehow blocking all the inbound and outbound traffic. I'm using ASDM, and the packet tracer is giving: packet dropped, IPsec spoofing.

Your help and advice are greatly appreciated.

Thanks,

Basel.

19 Replies

Could this NAT policy be the reason?

access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 172.16.149.0 255.255.255.0

192.168.0.0/16   is the local subnet

172.16.149.0/24  is the remote subnet

Hello Basel,

No,

That nat 0 is good

Do you have?

nat (inside) 0 access-list inside_nat0_outbound ??

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

yes it is there:

nat (Inside) 0 access-list Inside_nat0_outbound

Then you are good,

Are you positive the crypto ACL is fine?

Any ACL on the inside interface blocking the traffic?

Do the following

cap capin interface inside match ip any 172.16.149.0 255.255.255.0

cap asp type asp-drop all circular-buffer

Then try to access any host there and do

show cap capin

show cap asp | include 172.16.149.x (the IP address you accessed or tried to access)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
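
Added example, not part of any reply in this thread: one way to act on the "is the crypto ACL fine?" question is to check offline that every NAT-exempt source/destination pair is also covered by the crypto ACL, since a pair that bypasses NAT but is not selected for encryption will not cross the tunnel. The first ACL line is the one posted above; the crypto ACL name `outside_cryptomap_1` and its entries are constructed, because the thread does not show them.

```python
import ipaddress
import re

# Matches the ASA form used on this page: network followed by a dotted netmask.
ACE = re.compile(
    r"access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"
)

def parse_acl(config, name):
    """Return [(src_net, dst_net)] for every permit-ip entry of ACL `name`."""
    entries = []
    for m in ACE.finditer(config):
        if m.group(1) != name:
            continue
        src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
        entries.append((src, dst))
    return entries

def uncovered(nat0, crypto):
    """NAT-exempt pairs that no single crypto ACL entry fully contains."""
    return [
        (s, d) for s, d in nat0
        if not any(s.subnet_of(cs) and d.subnet_of(cd) for cs, cd in crypto)
    ]

# First line is the ACL from the thread; the crypto ACL lines are constructed.
GOOD = """
access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 172.16.149.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip 192.168.0.0 255.255.0.0 172.16.149.0 255.255.255.0
"""
# Constructed failure case: crypto ACL is narrower than the NAT exemption.
BAD = GOOD.replace(
    "outside_cryptomap_1 extended permit ip 192.168.0.0 255.255.0.0",
    "outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0",
)

def check(config, nat_acl="Inside_nat0_outbound", crypto_acl="outside_cryptomap_1"):
    """List NAT-exempt pairs in `config` that the crypto ACL does not cover."""
    return uncovered(parse_acl(config, nat_acl), parse_acl(config, crypto_acl))

if __name__ == "__main__":
    for label, cfg in (("matching ACLs", GOOD), ("narrower crypto ACL", BAD)):
        gaps = check(cfg)
        print(label, "->", gaps or "every NAT-exempt pair is covered")
```

The same comparison applies to the peer: the networks configured on the Sonicwall side should be the mirror image of the ASA crypto ACL.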

Just to mention that both WAN interface IPs on both ends are on the same /27 subnet. Could that be an issue?
