Bet no one can solve this one
I have a cisco ASA and 2 877
The outside interface is connected to the internet, nothing on the inside
The 2 877 are also connected to the internet.
I have 2 VPN's that connect to the outside of the ASA.
Both tunnels are up.
But am unable to ping from one 877 to the other 877 via the VPN's.
I have intra interface enabled and sysopt connection permit-vpn
Tho I did set the vpn's up with match address statments.
I have been on this for ove a week and im starting to lose the plot.
Any help very much appricated.
access-list 100 extended permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0
no access-list 100 extended permit ip any any
access-list 101 extended permit ip 10.20.40.0 255.255.255.0 10.20.30.0 255.255.255.0
no access-list 101 extended permit ip any any
and modify ACL on the spokes accordingly
initiate traffic from one spoke to another
sh crypto isakmp sa
sh crypto ipsec sa
on all devices