We are trying to tunnel our Remote VPN users' traffic through our ASA 5510 as well as allow the Remote VPN users' traffic access to the other end of all our site-to-site VPNs connected to the same ASA. Basically we want whoever VPNs into the network to be able to access all of our company networks. We are trying to get away with this without using Split-Tunneling.
I can currently get the remote VPN users' internal traffic to reach all the other site-to-site VPN tunnels, without the internet being tunneled. The problem is when I add the following NAT statement:
nat (outside) 1 10.10.19.0 255.255.255.0
* 10.10.19.0 is the network for the Remote VPN Client addresses
The internet traffic for the Remote VPN starts to get tunneled, but I lose the ability to reach any of the other site-to-site tunnels through the Remote VPN tunnel.
I also start receiving the following errors in the ASA log:
3 Jul 01 2009 12:34:18 305005 10.10.19.255 137 No translation group found for udp src outside:10.10.19.3/137 dst outside:10.10.19.255/137
Any help with how the NAT statements should be set to get this to work would be appreciated.
Reference the link within this post for your hub-and-spoke VPN scenario; your problem may lie in the exempt NAT rules.
Have a second look at your nonat rules.
Make sure to eliminate split tunnel rules pertaining to RA, if any, so they do not get in the way.
If you still have issues, describe the topology for the L2Ls and RA logical info, and post a sanitized config of the hub ASA, but I think if you look at the above thread you should be able to resolve it.
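
Added example, not part of the original thread: a sketch of the outside-interface NAT exemption the reply points to, written in the pre-8.3 NAT syntax that the question's "nat (outside) 1" line uses. The remote network 192.168.50.0/24, the ACL names and the "global" line are assumptions, not values from the poster's configuration.

```text
! Constructed example. 192.168.50.0/24 stands in for ONE remote site-to-site
! network; OUTSIDE_NAT0 and L2L_SITE_A are hypothetical ACL names.

! Let traffic enter and leave the same interface
! (VPN client -> ASA -> L2L peer or internet, all on "outside").
same-security-traffic permit intra-interface

! Before: every packet sourced from the client pool on "outside" matches
! NAT group 1, including packets headed for the site-to-site networks.
nat (outside) 1 10.10.19.0 255.255.255.0
! Assumed PAT pool for group 1 (not shown in the question).
global (outside) 1 interface

! After: exempt client-pool traffic to the remote site from translation.
! NAT exemption (nat 0 with an ACL) is matched before the dynamic rule
! above, so only internet-bound client traffic is still translated.
access-list OUTSIDE_NAT0 extended permit ip 10.10.19.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (outside) 0 access-list OUTSIDE_NAT0

! The crypto ACL for that L2L peer must also cover the client pool, and
! the remote end needs the mirrored entry, or the traffic is not
! selected for the tunnel.
access-list L2L_SITE_A extended permit ip 10.10.19.0 255.255.255.0 192.168.50.0 255.255.255.0
```

One permit line per remote site network goes into the exemption ACL; keeping it limited to the site-to-site networks avoids exempting internet-bound traffic from the group 1 translation.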