I'm having a smaller problem and need some help to clarify it.
I'm NAT'ing my inside to my external interface when passing traffic through the VPN:
access-list vpn extended permit ip external_interface 192.168.20.1 255.255.255.0
I get hit counts on this, but it doesn't work.
So I add this line instead (line 1):
access-list vpn extended permit ip external_interface HOST 192.168.20.5
access-list vpn extended line 2 permit ip external_interface 192.168.20.0/24
And I can successfully connect to that host through the VPN connection.
But why can't I use the network range (/24)? Why must I use hosts to be able to pass traffic?
Let's say that I want 192.168.10.0/24 to be able to communicate with my other VPN side, which has IP 192.168.20.0/24.
My ACL would look like this:
access-list vpn extended permit ip 192.168.10.0/24 192.168.20.0/24
Of course I have to insert another ACL rule in the no_nat ACL.
But that doesn't work either? I have to manually type in the hosts in the 192.168.20.x/24 network to be able to connect to them?
What am I doing wrong here?