Philip thank you for your response.
I Shouldn't say that but I don't have any ACL on my outside interface.
I'am using this ACLs:
ACL for VTY Access:
access-list 5 permit "my public ip" 0.0.0.255
access-list 5 permit "customer's lan ip's" 0.0.0.255
access-list 5 permit "my private ips" 0.0.255.255
ACL for first S2S VPN (Customer to Customer remote location 1)
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
ACL for first S2S VPN (Customer to Customer remote location 2)
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
ACL for first S2S VPN (my company to Customer)
access-list 104 permit ip 192.168.2.0 0.0.0.255 "my private ip's - subnet 1" 0.0.255.255
access-list 104 permit ip 192.168.2.0 0.0.0.255 "my private ip's - subnet 2" 0.0.255.255
No nat ACL (for s2s vpn).
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255 (Customer to Customer Remote 1)
access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 (Customer to Customer remote 2)
access-list 102 deny ip any "my private ip's - subnet 1" 0.0.255.255 (from my company subnet 1)
access-list 102 deny ip any "my private ip's - subnet 2" 10.194.0.0 0.0.255.255 (from my company subnet 2)
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
"not sure what this line do!?"
dialer-list 1 protocol ip permit
I've also found this:
ip http access-class 23
And on my Vlan 1 interface I've got ACL IN for stopping Access to FaceBook servers:
deny ip 192.168.2.0 0.0.0.255 74.119.76.0 0.0.3.255
deny ip 192.168.2.0 0.0.0.255 103.4.96.0 0.0.3.255
deny ip 192.168.2.0 0.0.0.255 204.15.20.0 0.0.3.255
permit ip 192.168.2.0 0.0.0.255 any
J
