ASA Inside Interface

netimp101 · ‎04-15-2010

1) I have site to site tunnel between ASA 5520 and sonicwall Pro3060
2) Tunnel is terminated on ASA on int0/2(dmz) and on Sonicwall X5(dmz)

I am able to bring tunnel up. From ASA to sonicwall I am able to ping sonicwall Lan interface and all LAN ip BUT from Sonicwall side I am not able to ping ASA inside interface IP and from ASA I am not able to ping any LAN side IP of sonicwall.

Below is the network topology and attached is config.

ASA LAN>>>ASA DMZ (0/2)----L2L TUNNEL----(X5)SONICWALL DMZ<<<<SONICWALL LAN
192.168.101.1/24>>>192.168.110.6/29---TUNNEL---192.168.110.2<<<192.168.209.2/23

I am trying to setup ASA for AAA accounting and authentication and with PRTG to monitor. Tacas server is on Sonicwall LAN ip 192.168.209.13 and PRTG 192.168.209.48.

If I try to ping those two servers IP from ASA sourcing inside interface it is not responding.

>>>

USMR02AS01# ping inside 192.168.209.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.209.13, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
>>>>

Any help/input appreciated.

Nice Day

Federico Coto Fajardo · ‎04-15-2010

Hi,

The crypto map that is applied to the DMZ interface is permitting the following traffic through the tunnel:

access-list dmz1_1_cryptomap_1 extended permit ip inside 255.255.255.0 MR-LAN 255.255.254.0

In other words:

Between networks 192.168.101.0/24 and 192.168.208.0/24

So, make sure that both internal LANs have a default gateway pointing to the VPN device, or a route to the other end pointing to the VPN device.

Federico.