I have built an IPsec L2L tunnel between the outside interfaces of a PIX 515 (7.2.1) and an ASA 5520 (8.0.2). I want the inside network of each firewall to be able to communicate with each other through the tunnel, but I can't get any traffic to pass through.
I have configured the nat (inside) 0 access-list nonat on each firewall with the traffic I want to pass through the tunnel, and that ACL also matches on my crypto map. The only way I can get the tunnel up is to ping the outside interface of each firewall (which I have added as "interesting" traffic).
Any ideas of why my internal LANs are not communicating would be appreciated.
Remove the second line from access-list 160, and then add the following line to both PIX and ASA:
If you are trying to initiate traffic from the ASA itself, then you need the management-access command; however, it should come up if you try from a device on the inside network.
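To show how the pieces discussed above fit together (the nat 0 ACL, the crypto map's interesting-traffic ACL and management-access), here is a constructed ASA 8.0-style fragment for the ASA side. It is an added illustration, not the poster's configuration and not the line the previous answer refers to; the networks, names, peer address and pre-shared key are placeholders I made up.

```cisco
! Constructed example, ASA 8.0 (pre-8.3) syntax. Placeholders:
!   local inside LAN  10.2.2.0/24 (this ASA)
!   remote inside LAN 10.1.1.0/24 (the PIX)
!   remote peer       203.0.113.1 (documentation range)
!
! 1. Traffic that must NOT be translated: local inside to remote inside.
access-list nonat extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list nonat
!
! 2. Interesting traffic for the crypto map. This should be the mirror
!    image of the PIX's crypto ACL (source and destination swapped there).
!    Only the inside-to-inside line is needed for LAN-to-LAN traffic.
access-list l2l-traffic extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
!
! 3. Phase 1 / Phase 2 (example proposals; must match the PIX side).
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map outside_map 10 match address l2l-traffic
crypto map outside_map 10 set peer 203.0.113.1
crypto map outside_map 10 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key PLACEHOLDER-PSK
!
! 4. Only needed when the ASA itself sources traffic through the tunnel
!    (for example "ping inside 10.1.1.10" from the ASA CLI, or managing
!    the ASA on its inside address over the VPN). Hosts on the inside LAN
!    bring the tunnel up without it.
management-access inside
!
! Checks after a host on 10.2.2.0/24 pings a host on 10.1.1.0/24:
!   show crypto isakmp sa        -> Phase 1 state should reach MM_ACTIVE
!   show crypto ipsec sa         -> #pkts encaps / decaps should increase
!   show access-list nonat       -> hitcnt on the nat 0 entry should increase
!   show access-list l2l-traffic -> hitcnt on the crypto ACL should increase
```

If the crypto ACL hit count rises but decaps stay at zero, the return traffic is being dropped or translated on the far side, so check the PIX's nonat and crypto ACLs for the mirrored entry.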