IPsec tunnel between SonicWall and Cisco on failover to other WAN IP ping passes but other flows sto

So I have a SonicWall with two WAN IPs on one end and a Cisco router with two other WAN IPs on the other end. VPN works fine, and when I kill a link on any side I lose a couple of pings and the VPN is re-established, so all seems good and as expected.

However, on many occasions when the VPN is re-established I can start pinging a host on network 1 from a host on network 2, but accessing a client-server application on network 1 (same host I am pinging) from a host on network 2 (same host from which I am starting the ping) does not work, i.e. I can ping the host but cannot connect to a service on the host. As soon as I disable and re-enable the VPN connection on the SonicWall, all works fine. It looks like the SonicWall is keeping some flows bound to the 'old' VPN 'route' and I need to manually turn the VPN off and back on. Any suggestions?

Am on latest firmware..

Answers

  • Arkwright All-Knowing Sage ✭✭✭✭

    A few things that might help:

    • You can see flows in connection monitor
    • If you have triangular routing, then ICMP and UDP will work but TCP will not

    Is this one VPN policy with multiple peers, or are you using multiple tunnel interfaces + route policies?

  • mcaptur Newbie ✭
    One VPN policy with multiple peers. I think the issue is resolved by disabling keep-alives on the SonicWall side and leaving them enabled only on the Cisco side. But it needs some further testing.
  • Arkwright All-Knowing Sage ✭✭✭✭

    OK, you can disregard the bit about triangular routing if this is only a single tunnel.
