Odd Site-to-site VPN connectivity issue

Question

I have two networks connected with a site-to-site VPN:

• Network "A" is 10.0.100.0/24 with a Sonicwall TZ-170 at 10.0.100.1
• Network "B" is 10.0.103.0/24 with a Sonicwall Pro1260 at 10.0.103.1
• Everything in "A" can ping everything in "B", and everything in "B" can ping everything in "A"

With one Exception: Nothing from network "A" has access to anything on the "B" sonicwall (no HTTP, HTTPS, SNMP, ICMP, etc.).

Additionally, sonicwall "B" can't ping it's own lan address. I've been over the VPN config, and the NAT and firewall rules on both sonicwalls. Everything seems fine, but clearly I'm missing something.

Anyone have any ideas? So far, the Sonicwall support team hasn't been able to resolve the problem.

Update: Access to the "B" device's LAN IP spontaneously started working last night, exactly when our "A" TZ170 spontaneously rebooted itself. I'm starting to think we have some faulty equipment.

Answer 1

You or support probably checked this already, but is the "Enable Ping from LAN to Management Interface" checkbox on the System->Administration page set?

Not sure about not being able to reach the management page remotely.

Answer 2

In addition to the "Enable Ping from LAN to Management Interface" already answered... You need to enable "Management via this SA" in the VPN properties. I believe this is off by default.

1. Login to the firewall
2. Go to VPN -> Setttings
3. Click the pencil next to the Tunnel in question
4. Click the Advanced tab.
5. Check the boxes next to the items you want to enable (HTTP, HTTPS, SSH)

That should take care of the rest of it. You need to do this on both firewalls if you want to manage from either end.