I have a LAN-to-LAN tunnel and it works fine, but users are not able to access the internet. The crypto access list on my end (ASA) is as follows:
access-list outside_cryptomap extended permit ip 168.56.0.0 255.254.0.0 10.105.0.0 255.255.224.0
On the other end:
access-list outside_cryptomap extended permit ip 10.105.0.0 255.255.224.0 168.56.0.0 255.254.0.0
There is NAT on this, as follows:
global (outside) 1 138.35.119.2
nat (outside) 1 10.105.0.0 255.255.224.0
In order to go to the internet, should the access list look like this, with the "any" keyword?
On my end:
permit ip any 10.105.0.0 255.255.224.0
On the other end:
permit ip 10.105.0.0 255.255.224.0 any
Am I looking at the right thing? I supposed everything has to go through the tunnel (not using split-tunnel), and therefore "any" should be used for users to go to the internet?