topic Re: Problems accessing the internet in Network Security https://community.cisco.com/t5/network-security/problems-accessing-the-internet/m-p/1382217#M694595 <HTML><HEAD></HEAD><BODY><P>For your router LAN to be able to route Internet traffic to the VPN tunnel towards the ASA, the crypto ACL needs to be:</P><P>On router: 10.14.0.0 0.0.255.255 any</P><P>On ASA: any 10.14.0.0 255.255.0.0</P><P></P><P>On ASA, if you are routing the internet traffic out the outside interface of the ASA, you would need to configure the following:</P><P>same-security-traffic permit intra-interface</P><P></P><P>And because the router LAN 10.14.0.0/16 is private ip address, before being routed towards the Internet on the ASA end, it needs to be PATed to public IP, hence you need to configure:</P><P>nat (outside) x 10.14.0.0 255.255.0.0</P><P>global (outside) x a.b.c.d</P><P></P><P>OR/ you can use existing global sequence for example:</P><P>nat (outside) 10 10.14.0.0 255.255.0.0</P><P>which will use the corresponding global address of 12.69.103.129</P><P></P><P>Hope that helps.</P></BODY></HTML> Wed, 24 Mar 2010 12:03:17 GMT Jennifer Halim 2010-03-24T12:03:17Z Problems accessing the internet https://community.cisco.com/t5/network-security/problems-accessing-the-internet/m-p/1382216#M694574 <P>Removed</P> Mon, 11 Mar 2019 17:25:14 GMT https://community.cisco.com/t5/network-security/problems-accessing-the-internet/m-p/1382216#M694574 ronald.odom 2019-03-11T17:25:14Z Re: Problems accessing the internet https://community.cisco.com/t5/network-security/problems-accessing-the-internet/m-p/1382217#M694595 <HTML><HEAD></HEAD><BODY><P>For your router LAN to be able to route Internet traffic to the VPN tunnel towards the ASA, the crypto ACL needs to be:</P><P>On router: 10.14.0.0 0.0.255.255 any</P><P>On ASA: any 10.14.0.0 255.255.0.0</P><P></P><P>On ASA, if you are routing the internet traffic out the outside interface of the ASA, you would need to configure the following:</P><P>same-security-traffic permit intra-interface</P><P></P><P>And because the router LAN 10.14.0.0/16 is private ip address, before being routed towards the Internet on the ASA end, it needs to be PATed to public IP, hence you need to configure:</P><P>nat (outside) x 10.14.0.0 255.255.0.0</P><P>global (outside) x a.b.c.d</P><P></P><P>OR/ you can use existing global sequence for example:</P><P>nat (outside) 10 10.14.0.0 255.255.0.0</P><P>which will use the corresponding global address of 12.69.103.129</P><P></P><P>Hope that helps.</P></BODY></HTML> Wed, 24 Mar 2010 12:03:17 GMT https://community.cisco.com/t5/network-security/problems-accessing-the-internet/m-p/1382217#M694595 Jennifer Halim 2010-03-24T12:03:17Z