Cisco ASA 5510 how to add route to allow Sonicwall users to browse local LAN


  • Cisco ASA 5510 how to add route to allow Sonicwall users to browse local LAN

    Hi all,

    I have recently set up a Cisco ASA 5510 and traffic is flowing in and out as expected. The only thing I cannot get working is allowing our remote Sonicwall users (once connected) to browse our local LAN 192.168.2.0/24.

    OS version 7.2 (3)
    ASDM 5.2 (30
    Default Gateway 192.168.2.1

    The NAT and ACL exist to allow "any" to connect via https to the Sonicwall VPN device. This works fine; they connect via public IP to the Sonicwall on internal IP 192.168.2.9:

    static (INSIDE, OUTSIDE_PRIMARY) tcp 194.195.x.x https 192.168.2.9 https netmask 255.255.255.255

    access-list OUTSIDE_PRIMARY_access_in extended permit tcp any host 194.195.x.x eq https

    But what happens is the Sonicwall dishes out a DHCP address when users connect, from 192.168.200.100 - 192.168.200.100. They get the address fine, but what they cannot do is browse or ping the local LAN 192.168.2.0/24.

    The ASA doesn't know about the range 192.168.200.0 because it's encrypted within the tunnel but I need to know how to allow users that connect via VPN to browse the network.

    The company had a Netgear router before (that I'm replacing with the ASA) and this works fine with sonicwall client VPN and browsing, and the only rule that is added on the Netgear to allow this is:

    static route to destination 192.168.200.0 via gateway 192.168.2.9 (sonicwall)

    A similar rule does not work on the ASA. Does anyone have any ideas?????

    Thank you in advance for your help.


    Kind regards.

  • #2
    Re: Cisco ASA 5510 how to add route to allow Sonicwall users to browse local LAN

    Is it possible to get a partial config of your ASA? You have configured the ASA to route to the destination gateway (192.168.2.9); however, you need to tell the ASA not to NAT the 192.168.200.x/24 addresses. You could do this using a static NAT or use an ACL exempting the network from NAT. Again, if you could provide a partial config I could be of more assistance.
    Last edited by ryansmitty; 6th March 2008, 16:23.
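
A sketch of the route plus NAT exemption that reply #2 describes, in ASA 7.2 syntax. This is an added example, not configuration posted by anyone in the thread. Assumptions: the ACL name `INSIDE_nat0_outbound`, the /24 mask on the client pool, the test host 192.168.2.50, and the `same-security-traffic` line, which the thread does not mention.

```cisco
! Added example (not from the thread). Interface name INSIDE and the
! addresses 192.168.2.0/24, 192.168.2.9 and 192.168.200.x are from the posts.

! 1. Route the Sonicwall client pool via the Sonicwall's inside address
!    (the equivalent of the static route the Netgear had).
route INSIDE 192.168.200.0 255.255.255.0 192.168.2.9 1

! 2. Assumption beyond the reply: LAN hosts send their answers to the default
!    gateway 192.168.2.1, so the ASA must be allowed to forward a packet
!    back out the same interface it arrived on.
same-security-traffic permit intra-interface

! 3. NAT exemption: do not translate LAN <-> client-pool traffic.
!    The ACL name is an assumed, hypothetical name.
access-list INSIDE_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 192.168.200.0 255.255.255.0
nat (INSIDE) 0 access-list INSIDE_nat0_outbound

! 4. Checks: confirm the route and the exemption are in place, then trace a
!    constructed LAN host (192.168.2.50) pinging a pool address.
show route | include 192.168.200
show running-config nat
packet-tracer input INSIDE icmp 192.168.2.50 8 0 192.168.200.100 detailed
```

The exemption ACL is scoped to the two subnets only, so the existing translation rules for Internet-bound traffic are untouched.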

    • #3
      Re: Cisco ASA 5510 how to add route to allow Sonicwall users to browse local LAN

      Moved to Cisco Security
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"
