Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
778
Views
0
Helpful
3
Replies

Site to Site VPN from Cisco 5508 ASA Firewall to Sonicwall Firewall

Herald Sison
Level 3
Level 3

‎01-12-2021 10:58 PM

Hi all,

 

Hope you had a good day.

 

I have a problem with my Cisco 5508 ASA Firewall and it is connected via site to site VPN to my Sonicwall firewall. Every time the internet on the other (Sonicwall) peer goes down or switched from Primary to Secondary and vice versa only (not all) certain VLANs can communicate to and from the Cisco Firewall.

 

my Site A (Cisco): 1 VLAN only -192.168.0.0/24

my Site B (Sonicwall): 6 VLANS - 172.20.1.0/24,172.20.3.0/24,  172.20.5.0/24, 172.20.7.0/24, 172.20.9.0/24 and 172.20.30.0/24

 

when the internet switched from primary to secondary on the sonicwall side sometimes only 1-3 VLANs can communicate to and from the Cisco (only these vlans went through 172.20.1.0/24,172.20.3.0/24,  172.20.5.0/24) and all the reset were dropped. what i always do is to logout the session and initiate it again so that all vlans can be contacted again.

 

what should be the possible reason for this?

 

I hope someone can help me with this one. I am using ASDM by the way i seldom use CLI.

 

Thank You

 

 

 

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Mohammed al Baqari
Level 11
Level 11

‎01-13-2021 01:48 AM

Hi,

There could be many. You need to describe the VPN. Are you using
dynamic ipsec of static? Do you have dynamic routing in place which can be
causing this? Do you have multiple links to exist VPN? Check if you are
having incorrect nat statements which are forcing the traffic is certain
directions.

***** please remember to rate useful posts
0 Helpful

Herald Sison
Level 3
Level 3
In response to Mohammed al Baqari

‎01-13-2021 06:45 AM

Hi Sir,

 

Are you using dynamic ipsec of static? * I am using static IPSec.

Do you have dynamic routing in place which can be causing this? * no dynamic routing set

Do you have multiple links to exist VPN? * i am not sure about this but 1 thing i am sure of is that i have 1 site to site vpn and 1 remote access vpn using anyconnect.

Check if you are having incorrect nat statements which are forcing the traffic is certain
directions.* my nat is pretty straight forward as it is created by the vpn wizard automatically via asdm.

 i have attached a screencap of my NAT config

Preview file
91 KB
0 Helpful

james.king14
Level 1
Level 1

‎07-09-2021 08:31 AM

Instead of multiple VPN locations I am having an issue with just one.  

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents