12-16-2010 11:00 AM
I established a site to site VPN between Hub (5520) and spoke (5505), now I want the user in the spoke site to access the Internet through the 5520. On the 5505 I have the crypto map set for inside traffic to any and on the 5520 added a nat statement for the 5505 subnet for the outside..... what am i missing ??
12-16-2010 11:17 AM
same-security permit intra interface. Coz traffic is entering and exiting on the same interface.
12-16-2010 11:26 AM
no, sorry I left that out. The VPN tunnel is established through a WAN connection, like this:
5505 ------ > WAN -------- 5520 ----------- Internet
12-16-2010 11:42 AM
What are the nat configs on the hub ASA?Could you post them here. Can you see a nat translation for hosts behind the 5505?
12-16-2010 11:50 AM
12-16-2010 12:00 PM
Is the crypto acl on the 5520 from any to 5505 subnet? What does the show cry ips sa show on both devices? equal encaps and decaps.
And post the 5520 config if possible. Also check for logs on 5520.
12-17-2010 07:32 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: