L2L tunnel not able to access internet


I have a LAN-to-LAN tunnel and it works fine, but users are not able to access the internet. The crypto access list on my end (ASA) is as follows:

access-list outside_cryptomap extended permit ip

On other end:

access-list outside_cryptomap extended permit ip

There is NAT on this as:

global (outside) 1

nat (outside) 1

In order to go to the internet, should the access-list look like this, with the "any" keyword?

On my end:

permit ip any

On other end:

permit ip


Am I looking at the right thing? I suppose everything has to go through the tunnel (not using split-tunnel), and therefore "any" should be used for users to go to the internet?

RicheeJJJ_2 Mon, 04/06/2009 - 22:43

The command:

access-list outside_cryptomap extended permit ip

indicates that traffic coming from the network that is going to the network will go over the VPN. If you don't have any other crypto map ACLs, then all other traffic will just go out the outside interface, provided you have a default route to the outside.
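A sketch of the full-tunnel layout the question describes, added here as an example and not taken from either poster's configuration. It uses the pre-8.3 `nat`/`global` syntax seen in the thread and assumes "my end" is the site whose users need internet access and the other end is the peer that NATs them out. The 10.1.1.0/24 network, the `inside_nat0` ACL name, the `outside_map` crypto map name and sequence number 1 are constructed placeholders.

```cisco
! ===== ASA on "my end", inside LAN 10.1.1.0/24 (constructed address) =====
! Crypto ACL: all traffic sourced from the LAN is interesting traffic,
! so internet-bound packets are encrypted instead of leaving locally.
access-list outside_cryptomap extended permit ip 10.1.1.0 255.255.255.0 any
crypto map outside_map 1 match address outside_cryptomap
! Exempt tunneled traffic from local NAT so the peer sees real LAN addresses.
! (inside_nat0 is a hypothetical ACL name.)
access-list inside_nat0 extended permit ip 10.1.1.0 255.255.255.0 any
nat (inside) 0 access-list inside_nat0

! ===== ASA on the other end =====
! Crypto ACL must be the exact mirror of the entry above, or the
! peers will not agree on which traffic the tunnel protects.
access-list outside_cryptomap extended permit ip any 10.1.1.0 255.255.255.0
crypto map outside_map 1 match address outside_cryptomap
! Let decrypted traffic leave by the same interface it arrived on (hairpin).
same-security-traffic permit intra-interface
! PAT the remote LAN to this ASA's outside address for internet access.
nat (outside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface
```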

