01-12-2021 10:58 PM
Hi all,
Hope you had a good day.
I have a problem with my Cisco 5508 ASA Firewall and it is connected via site to site VPN to my Sonicwall firewall. Every time the internet on the other (Sonicwall) peer goes down or switched from Primary to Secondary and vice versa only (not all) certain VLANs can communicate to and from the Cisco Firewall.
my Site A (Cisco): 1 VLAN only -192.168.0.0/24
my Site B (Sonicwall): 6 VLANS - 172.20.1.0/24,172.20.3.0/24, 172.20.5.0/24, 172.20.7.0/24, 172.20.9.0/24 and 172.20.30.0/24
when the internet switched from primary to secondary on the sonicwall side sometimes only 1-3 VLANs can communicate to and from the Cisco (only these vlans went through 172.20.1.0/24,172.20.3.0/24, 172.20.5.0/24) and all the reset were dropped. what i always do is to logout the session and initiate it again so that all vlans can be contacted again.
what should be the possible reason for this?
I hope someone can help me with this one. I am using ASDM by the way i seldom use CLI.
Thank You
01-13-2021 01:48 AM
01-13-2021 06:45 AM
Hi Sir,
Are you using dynamic ipsec of static? * I am using static IPSec.
Do you have dynamic routing in place which can be causing this? * no dynamic routing set
Do you have multiple links to exist VPN? * i am not sure about this but 1 thing i am sure of is that i have 1 site to site vpn and 1 remote access vpn using anyconnect.
Check if you are having incorrect nat statements which are forcing the traffic is certain
directions.* my nat is pretty straight forward as it is created by the vpn wizard automatically via asdm.
i have attached a screencap of my NAT config
07-09-2021 08:31 AM
Instead of multiple VPN locations I am having an issue with just one.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: