
I have a SonicWall site-to-site VPN. At one of the sites there is another Cisco VPN to another site. I need to route the traffic for the Cisco VPN through the site-to-site from the other SonicWall site.

Site A - 10.10.0.0/16 network

Site B - 192.168.1.0/24 SonicWall. A Cisco VPN is on the 192.168.1.226 address and routes the 10.10.0.0 network to Site A.

Site C - 192.168.2.0/24 SonicWall

The Site A-B VPN is working. The Site B-C VPN is working. I need to get Site C to transmit the 10.10.0.0 traffic over the VPN to Site B and then out the Cisco device.

einstiien

1 Answer


There are a few things that need to happen.

  • The Cisco at Site A needs to have a static route added that points to the 192.168.2.0/24 subnet with the Site B Cisco as the gateway.

  • The Site B Cisco either needs to have the SonicWall as its default route or it also needs a static route to the 192.168.2.0/24 network through the 192.168.1.0 SonicWall.

  • The Site C SonicWall needs a static route added pointing to the 10.10.0.0/16 network with the Site B SonicWall as the gateway.

einstiien
  • Sorry, but I did have all of that set already. I now see that the Site B firewall is dropping the packets destined for Site C because it thinks that the source of the traffic (10.10.x.x) is being spoofed. I have disabled intrusion prevention and it still is flagging as spoofed. –  Feb 24 '10 at 14:12
  • Unfortunately, on the SonicWalls the IP Spoof blocking cannot be disabled. Is there a static route in the Site B firewall for the 10.10 network? – einstiien Feb 24 '10 at 16:20
  • Just remembered, also, you need to add the 10.10 network to the list of networks that are allowed through the VPN tunnel on the Site B SonicWall. – einstiien Feb 24 '10 at 16:21
  • I had the static route in Site B to route the traffic to the Cisco device. I created a new address group and added the 'Firewalled Subnets' and the 10.10 network and then changed the VPN Local Networks to this new address group; however, it still drops the packet because of the spoofing. –  Feb 24 '10 at 21:02
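
An added example, not part of the original answer or comments: a small Python model of the four devices' routing tables that traces a packet hop by hop and shows that both directions need the static routes listed in the answer. The device names (`ciscoA`, `ciscoB`, `swB`, `swC`), next hops and the two host addresses are constructed for illustration. It checks routing only; the VPN network lists and the spoof check discussed in the comments are not modeled.

```python
import ipaddress

LOCAL = "local"  # destination sits on a directly connected network

def build_tables(skip=()):
    """Constructed per-device routes: prefix -> next-hop device (or LOCAL)."""
    tables = {
        "ciscoA": {"10.10.0.0/16": LOCAL, "192.168.1.0/24": "ciscoB",
                   "192.168.2.0/24": "ciscoB"},   # answer, item 1
        "ciscoB": {"192.168.1.0/24": LOCAL, "10.10.0.0/16": "ciscoA",
                   "192.168.2.0/24": "swB"},      # answer, item 2
        "swB":    {"192.168.1.0/24": LOCAL, "192.168.2.0/24": "swC",
                   "10.10.0.0/16": "ciscoB"},     # static route from the comments
        "swC":    {"192.168.2.0/24": LOCAL, "192.168.1.0/24": "swB",
                   "10.10.0.0/16": "swB"},        # answer, item 3
    }
    for device, prefix in skip:                   # simulate a missing route
        del tables[device][prefix]
    return tables

def next_hop(table, dst):
    """Longest-prefix match; returns a device name, LOCAL, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start`; returns (path, delivered)."""
    path = [start]
    for _ in range(max_hops):
        hop = next_hop(tables[path[-1]], dst)
        if hop is None:
            return path, False        # no route: the packet is dropped here
        if hop == LOCAL:
            return path, True
        path.append(hop)
    return path, False                # hop limit reached: routing loop

def round_trip(tables, host_c="192.168.2.10", host_a="10.10.5.20"):
    """Trace Site C -> Site A and the reply; both hosts are constructed."""
    return trace(tables, "swC", host_a), trace(tables, "ciscoA", host_c)

if __name__ == "__main__":
    cases = [("all routes present", ()),
             ("Site A lacks the 192.168.2.0/24 route", [("ciscoA", "192.168.2.0/24")])]
    for label, skip in cases:
        print(label, round_trip(build_tables(skip)))
```
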