Here is my setup:
I have a Sonicwall set up as the hub that all the VPNs connect to. I have a new Cisco ASA 5505 connected to the Sonicwall with no problem. The tunnel works great. But there is no internet access going out of the same Cisco ASA firewall. I want the internet to go out of the ASA. I tried several things but they didn't work. And all the documents I've been reading don't seem to cover what I want.
Just to make it more clear. Right now I have the Sonicwall as the hub in Miami. In Chicago, I have the Cisco ASA. I want the Chicago people to be able to access the internet via their ASA and also, of course, be able to access the servers down in Miami like they can now.
I tried split tunnel but it doesn't seem to work. I have a feeling I'm missing something so simple. Can anyone help? This is in a testing environment. Thanks.
You have created an ACL entitled pixtosw that defines the traffic to be sent over the VPN tunnel to your Sonicwall.
Your internal LAN is 192.168.222.x/24.
This first line says any packet sourced from 192.168.222.x with a destination IP address of 192.168.40.x goes through the tunnel:
access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 192.168.40.0 255.255.255.0
The second line says any packet with a source IP address of 192.168.222.x and a destination of anywhere goes over the tunnel:
access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 any
Take the second line out and see what happens.
A couple of suggestions on your other ACLs:
access-list outside_access_in extended permit ip any any
Delete the outside_access_in ACL, as you are telling the ASA to allow EVERYTHING into your internal network. Not good.
access-list inside_access_out extended permit ip any any
By default, any connection originating on the inside of your ASA will be permitted out, so this ACL is not needed.
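To show how the pieces fit together once the "any" line is gone, here is a split-tunnel ASA configuration fragment. It is an added example, not config posted by either participant, and it assumes pre-8.3 ASA syntax (nat/global style, which the pixtosw naming suggests), that the working phase 1/phase 2 tunnel settings (isakmp policy, tunnel-group, transform set named ESP-AES-SHA, crypto map named outside_map) already exist on the box, and that 203.0.113.1 (ISP gateway) and 198.51.100.1 (Sonicwall public address) are placeholders you replace with your own. The crypto ACL selects only Miami-bound traffic; everything else is exempted from the tunnel, PAT'd to the outside interface, and follows the default route to the internet.

```cisco
! Crypto ACL: only Chicago LAN -> Miami LAN is "interesting" traffic for the tunnel.
! No "permit ip 192.168.222.0 255.255.255.0 any" line, or the default route never gets used.
access-list pixtosw extended permit ip 192.168.222.0 255.255.255.0 192.168.40.0 255.255.255.0

! NAT exemption: tunnel-bound packets keep their private 192.168.222.x source address
! so the Sonicwall sees the expected subnet.
nat (inside) 0 access-list pixtosw

! Everything else from the inside LAN is PAT'd to the outside interface address.
global (outside) 1 interface
nat (inside) 1 192.168.222.0 255.255.255.0

! Default route to the ISP (placeholder gateway). The VPN peer is also reached through it.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! Bind the crypto ACL to the existing crypto map entry (peer address is a placeholder).
crypto map outside_map 10 match address pixtosw
crypto map outside_map 10 set peer 198.51.100.1
crypto map outside_map 10 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
```

After applying this, `show crypto ipsec sa` should list only the 192.168.222.0/24 to 192.168.40.0/24 proxy identities, and a packet-tracer from an inside host to a public address should hit the nat (inside) 1 rule rather than the VPN phase. Note that the Sonicwall side must still allow the tunnel's Chicago-to-Miami traffic as before; this fragment only changes what the ASA sends into the tunnel.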