Routing lan in VPN site to site

leodeQC
Level 1

Hi everyone,

 

I have set up a site-to-site VPN between 2 firewalls (one Cisco and one SonicWall).

On my site A, I have a SonicWall with 2 local LANs (10.1.1.0/24 and 10.2.2.0/24)

On my site B, I have a Cisco firewall with 1 local LAN (172.18.0.0/20)

I am trying to route my LAN subnet of site B to site A.

I have created a network group on my Cisco firewall (site B) with my 2 local LAN subnets.

At this time, my VPN is up on both of my firewalls but I have no traffic between my two sites.

Any idea how I must create my route?

Here is my configuration:

 

ASA Version 9.10(1)7
!
hostname ****-FW1
domain-name xxxx.lan
enable password ***** pbkdf2
!
license smart
feature tier standard
feature context 1

names
no mac-address auto
ip local pool SSLVPN 192.168.102.50-192.168.102.254 mask 255.255.255.0

!
interface Ethernet1/1
nameif outside
security-level 0
ip address 208.xx.xx.x8 255.255.255.248
!
interface Ethernet1/2
description Interface LAN Serveur
nameif inside
security-level 100
ip address 172.18.0.1 255.255.240.0
!
interface Ethernet1/3
description Telephonie TELUS
nameif VOIP
security-level 50
ip address 10.0.1.1 255.255.255.0
!

!
interface Management1/1
management-only
nameif management
security-level 100
ip address 192.168.45.1 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 8.8.8.8 outside
name-server 1.1.1.1 outside
domain-name xxx.lan
object network Lan_Network
subnet 172.18.0.0 255.255.240.0
object network xxx-DC1
host 172.18.0.105
description Domaine controller principal
object network xxx-BCK1
host 172.18.0.106
description Serveur de sauvegarde
object network ****-FILES55
host 172.18.0.107
description Serveur de fichier du 87 (Ancien 55)
object network ****-FILES87
host 172.18.0.108
description Serveur de fichier du 55 (Ancien 87)
object network ****-FTP1
host 172.18.0.118
description Serveur FTP
object network ****-TS1
host 172.18.0.117
description Serveur TS (BAD)
object network ****-FILESW12
host 172.18.0.116
description Serveur TS temporaire
object network DFORCIER_Private
host 172.18.0.35
description Poste perso de Diane Forcier
object network GTI_WAN_IPS
subnet 107.xxx.xx.x6 255.255.255.224
description IP Wan de GTI
object network GTI_WLAN
subnet 10.2.2.0 255.255.255.0
description Réseau Local WLAN de GTI
object network GTI_LAN
subnet 10.1.1.0 255.255.255.0
description Réseau LAN de GTI
object network MERLIN
host 172.18.0.20
description Serveur Mac Pro
object network PANASONIC
subnet 10.0.1.0 255.255.255.0
description Système Téléphonique
object network ****-FM-Serveur
host 172.18.0.10
description Serveur FileMaker
object network ****_Wan_IP59
host 208.xxx.xxx.59
description IP Publique Secondaire
object network ****_Wan_IP61
host 208.xxx.xxx.61
description IP Publique Secondaire
object network ****_Wan_IP60
host 208.xxx.xxx.60
description IP Publique Secondaire
object network Telephonie
range 10.0.1.1 10.0.1.254
description Range de la téléphonie
object network ****_Wan_IP62
host 208.xxx.xxx.62
description IP Publique Secondaire
object network SSL_VPN_Range
range 192.168.102.50 192.168.102.254
description Range pour VPN SSL
object service DFORCIER_REMOTE
service tcp source eq 3435 destination eq 3435
description Port pour RDP dforcier
object service FileMaker_Administration
service tcp source eq 16001 destination eq 16000
description Administration FileMaker
object service IPSec_UDP
service udp source eq 4500 destination eq 4500
description VPN_Mac
object service L2TP_traffic
service udp source eq 1701 destination eq 1701
description VPN_Mac
object network ****_Wan_IP58_Main
host 208.xxx.xxx.58
description Adresse IP Principal
object service IKE_KeyExchange
service udp source eq isakmp destination eq isakmp
description IKE pour VPN_Mac
object service FileMaker_Data
service tcp source eq 5003 destination eq 5003
description FileMaker
object service TS_TCP
service tcp destination eq 3389
description Port pour TS
object service TS_UDP
service udp destination eq 3389
description Port pour TS
object network Gateway_WAN
host 208.xxx.xxx.57
description Gateway Openface ****
object network WAN_IP
host 208.xxx.xxx.58
object network Gateway_LAN
host 172.18.0.1
description Gateway reseau local
object network obj-172.18.0.118
host 172.18.0.118
object network bad_To_Inside
host 172.18.0.117
object network ****_RangeIp
subnet 172.18.0.0 255.255.240.0
object network NETWORK_OBJ_172.18.0.0_20
subnet 172.18.0.0 255.255.240.0
object-group network GTI_LAN+Wifi
description Réseau Local GTI
network-object object GTI_WAN_IPS
network-object object GTI_WLAN
network-object object GTI_LAN
object-group service FileMaker_Services
description FileMaker
service-object object FileMaker_Administration
service-object object FileMaker_Data
object-group service Terminal_Service
description Services TS
service-object object TS_TCP
service-object object TS_UDP
object-group service VPN_L2TP_Merlin
description VPN Merlin
service-object esp
service-object object IKE_KeyExchange
service-object object IPSec_UDP
service-object object L2TP_traffic
service-object tcp destination eq pptp
object-group service RDP_Ports tcp-udp
port-object eq 3389
access-list LAN_Serveur_access_in extended permit ip any any
access-list LAN_Serveur_access_in extended permit ip 172.18.0.0 255.255.240.0 10.0.1.0 255.255.255.0
access-list VOIP_access_in extended permit ip any any
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list Local_Lan_Access standard permit host 0.0.0.0
access-list Local_Lan_Access standard permit 172.18.0.0 255.255.240.0
access-list Local_Lan_Access standard permit 10.0.1.0 255.255.255.0
access-list OutsideBad extended permit object TS_TCP any object ****-TS1
access-list outside_cryptomap extended permit ip object Lan_Network object-group GTI_LAN+Wifi
access-list internal extended permit ip any any
access-list internal extended permit icmp any any
access-list external extended permit icmp any any
access-list external extended permit ip any any
access-list VOIP extended permit ip any any
access-list VOIP extended permit icmp any any
access-list outside extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu VOIP 1500
mtu management 1500
ip verify reverse-path interface outside
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
nat (any,outside) source static any any destination static SSL_VPN_Range SSL_VPN_Range
nat (outside,inside) source static Lan_Network Lan_Network destination static GTI_LAN+Wifi GTI_LAN+Wifi no-proxy-arp route-lookup
!
object network Lan_Network
nat (any,outside) dynamic interface
object network ****-TS1
nat (inside,outside) static interface service tcp 3389 3389
object network ****-FM-Serveur
nat (inside,outside) static interface service tcp 5003 5003
access-group OutsideBad in interface outside
access-group external in interface inside
access-group VOIP_access_in in interface VOIP
route outside 0.0.0.0 0.0.0.0 208.xxx.xxx.57 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
aaa-server ****-Radius protocol radius
aaa-server ****-Radius (inside) host 172.18.0.105
key *****
radius-common-pw *****
aaa-server ****.lan protocol ldap
aaa-server ****.lan (inside) host 172.18.0.105
server-port 389
ldap-base-dn dc=****, dc=lan
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=gti, dc=****, dc=lan
server-type microsoft
user-identity domain ****.ca aaa-server ****.lan
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.45.0 255.255.255.0 management
http 172.18.0.0 255.255.240.0 inside
ip-client outside
snmp-server host inside 172.18.0.105 community ***** version 2c
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 107.xxx.xxx.100
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
fqdn none
subject-name CN=192.168.45.1,CN=****-FW1
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpoint vpn.****.ca
enrollment terminal
subject-name CN=vpn.****.ca
crl configure
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
certificate 4432115c
308202d0 308201b8 a0030201 02020444 32115c30 0d06092a 864886f7 0d01010b
0500302a 3111300f 06035504 03130854 414e4b2d 46573131 15301306 03550403

d7fd9f92 4e4a61fb 77f07e2f b3073d3c 0d555b62 37170010 8156a225 91332652
dace96e8 07961342 dceaa36d 807e48ac 12e8e99e cf9488e3 de6097f4 2826778d
e9c59513 924d50d1 d1e03e0e 3b4dd53a c89db9f1
quit
crypto ca certificate chain vpn.****.ca
certificate 00832746855ee2aeca
308206ae 30820596 a0030201 02020900 83274685 5ee2aeca 300d0609 2a864886

72d57217 edf3e955 d7afa8bb e4283bd8 760262d1 96485817 53eb1c58 29ebb798
b67e2bac 961c5b71 865e21b5 961d1ea7 1d9599c3 c1c820ee 7fb0f3fe dabb5476
4640757e 18f0a390 05a1ddea d5463db2 92ad
quit
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 0509
308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500

ba174282 97718153 31a99ff6 7d62bf72 e1a3931d cc8a265a 0938d0ce d70d8016
b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda
f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint vpn.****.ca
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 172.18.0.0 255.255.240.0 inside
ssh 192.168.45.0 255.255.255.0 management
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd auto_config outside
!
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point vpn.****.ca outside
ssl trust-point vpn.****.ca inside
ssl trust-point vpn.****.ca VOIP
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 management
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 management vpnlb-ip
webvpn
enable outside
enable inside
anyconnect image disk0:/anyconnect-win-4.7.00136-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-macos-4.7.00136-webdeploy-k9.pkg 2
anyconnect profiles ****_Profile disk0:/****_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
group-policy DfltGrpPolicy attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_SSLVPN internal
group-policy GroupPolicy_SSLVPN attributes
dns-server value 172.18.0.105
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Local_Lan_Access
default-domain value ****.lan
split-dns value ****.lan
intercept-dhcp enable
webvpn
anyconnect profiles value ****_Profile type user
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol l2tp-ipsec
group-policy GroupPolicy_107.xxx.xxx.100 internal
group-policy GroupPolicy_107.xxx.xxx.100 attributes
vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
username gti password ***** pbkdf2
tunnel-group DefaultRAGroup general-attributes
address-pool SSLVPN
authentication-server-group ****-Radius
tunnel-group DefaultRAGroup webvpn-attributes
group-alias ****-VPN enable
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool SSLVPN
authentication-server-group ****-Radius
default-group-policy GroupPolicy_SSLVPN
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
tunnel-group 107.xxx.xxx.100 type ipsec-l2l
tunnel-group 107.xxx.xxx.100 general-attributes
default-group-policy GroupPolicy_107.xxx.xxx.100
tunnel-group 107.xxx.xxx.100 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
service call-home
call-home reporting anonymous
call-home
contact-email-addr support@****.ca
source-interface outside
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
app-agent heartbeat interval 1000 retry-count 3
Cryptochecksum:fbbffae1cda6681b16780f09a884b713
: end
asdm image disk0:/asdm-7101.bin
no asdm history enable

1 Accepted Solution

Hello,

 

On a side note, I think you got the NAT exemption on the ASA configured the wrong way. Instead of:

 

nat (outside,inside) source static Lan_Network Lan_Network destination static GTI_LAN+Wifi GTI_LAN+Wifi no-proxy-arp route-lookup

 

use:


nat (inside,outside) source static Lan_Network Lan_Network destination static GTI_LAN+Wifi GTI_LAN+Wifi no-proxy-arp route-lookup

 

Also, your object-group network GTI_LAN+Wifi contains network-object object GTI_WAN_IPS, which apparently are public addresses. I assume you don't want those to flow through the VPN? You might want to remove this network object from the object group...
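
The two points raised in this answer can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it parses the relevant ASA lines and flags an identity (exemption) NAT rule whose real interface does not hold the source subnet, and peer-group members outside RFC 1918 space. The function names `parse` and `audit` are hypothetical, the sample is constructed (the masked public addresses are replaced with documentation ranges), and treating "not RFC 1918" as "public" is an assumption.

```python
import ipaddress
import re

# Constructed sample modelled on the thread; public IPs are documentation ranges.
SAMPLE = """\
interface Ethernet1/1
nameif outside
ip address 198.51.100.2 255.255.255.248
interface Ethernet1/2
nameif inside
ip address 172.18.0.1 255.255.240.0
object network Lan_Network
subnet 172.18.0.0 255.255.240.0
object network GTI_WAN_IPS
subnet 203.0.113.96 255.255.255.224
object network GTI_LAN
subnet 10.1.1.0 255.255.255.0
object-group network GTI_LAN+Wifi
network-object object GTI_WAN_IPS
network-object object GTI_LAN
nat (outside,inside) source static Lan_Network Lan_Network destination static GTI_LAN+Wifi GTI_LAN+Wifi no-proxy-arp route-lookup
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NAT_RE = re.compile(r"nat \((\S+),(\S+)\) source static (\S+) (\S+) destination static (\S+) (\S+)")

def parse(config):
    """Collect interface networks, network objects, group members and twice-NAT rules."""
    ifaces, objects, groups, nats = {}, {}, {}, []
    name = None  # nameif / object / group that the following sub-commands belong to
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "interface":
            name = None  # no nameif seen yet for this interface
        elif w[0] == "nameif":
            name = w[1]
        elif w[:2] in (["object", "network"], ["object-group", "network"]):
            name = w[2]
        elif w[:2] == ["ip", "address"] and name:
            ifaces[name] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[0] == "subnet":
            objects[name] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif w[:2] == ["network-object", "object"]:
            groups.setdefault(name, []).append(w[2])
        elif m := NAT_RE.match(" ".join(w)):
            nats.append(m.groups())
    return ifaces, objects, groups, nats

def audit(config):
    """Return findings for identity (exemption) NAT rules: wrong real interface, public peers."""
    ifaces, objects, groups, nats = parse(config)
    findings = []
    for real_if, mapped_if, src, src_mapped, dst, dst_mapped in nats:
        if src != src_mapped or dst != dst_mapped:
            continue  # addresses are translated, so this is not an exemption rule
        net = objects.get(src)
        if net and real_if in ifaces and not net.subnet_of(ifaces[real_if]):
            homes = [i for i, n in ifaces.items() if net.subnet_of(n)]
            findings.append(f"nat ({real_if},{mapped_if}): {src} is behind {homes}, not {real_if}")
        for member in groups.get(dst, [dst]):
            member_net = objects.get(member)
            if member_net and not any(member_net.subnet_of(r) for r in RFC1918):
                findings.append(f"{dst}: member {member} ({member_net}) is outside RFC 1918 space")
    return findings
```

`audit(SAMPLE)` reports both problems; with the interface pair swapped to `(inside,outside)` and `GTI_WAN_IPS` removed from the group, it returns an empty list.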

4 Replies

Richard Burts
Hall of Fame

Thanks for posting the configuration of your ASA. In general the configuration of the site to site vpn looks appropriate. Can you verify that your ASA can successfully ping the peer address of the SonicWall? And verify that the SonicWall can ping the outside interface address of your ASA? Can you post the output of show crypto ipsec sa?

 

HTH

 

Rick


Georg

 

I did a high level review and thought the config was reasonable. You evaluated in more detail and have found 2 very good catches. So +5 and my congratulations.

 

HTH

 

Rick


Hello Georg,

 

Sorry for the delay, I just saw that I never answered your message...

Your command worked perfectly and the WAN object in my group was a careless mistake.

 

Many thanks :)

Léo
