Our head office has an 877.
Our two remote sites also have 877s and they have a permanent tunnel into the head office 877 which works OK.
My issue is that the two remote sites cannot talk to each other - but they can talk to head office fine.
I take it I have some sort of NAT issue - so I'll post the relevant configs and if someone could take a look and point me in the right direction I'd be very pleased!!
Head office config is txt file 192.168.16.5
Remote site 'Riversdale' is text file 192.168.17.1
Remote site 'Tynewydd' is text file 192.168.18.1
How did you check with pings? Is that from an internal host to an internal host?
Can you verify with pings between spokes? Please use the internal interface of the spokes for both source and destination addresses. And send me "show crypto session detail" from all routers, both before and after you send pings.
One thing I overlooked in the config of both your spokes is about NAT as well. Please rearrange the entries so that both deny entries come first, followed by the permit entry.
access-list 100 deny ip 192.168.17.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 100 permit ip 192.168.17.0 0.0.0.255 any
access-list 100 deny ip 192.168.17.0 0.0.0.255 192.168.18.0 0.0.0.255
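An added example (not part of the thread or of the posters' configs): a small Python model of first-match ACL evaluation, run over the three access-list 100 entries in the order shown above and again with both deny entries moved first. It assumes access list 100 selects the traffic to be NATed, so a permit means the packet is translated; the host addresses are constructed samples.

```python
import ipaddress

# The three entries in the order they appear in the reply above.
AS_POSTED = [
    "access-list 100 deny ip 192.168.17.0 0.0.0.255 192.168.16.0 0.0.0.255",
    "access-list 100 permit ip 192.168.17.0 0.0.0.255 any",
    "access-list 100 deny ip 192.168.17.0 0.0.0.255 192.168.18.0 0.0.0.255",
]
# Same entries with both deny lines ahead of the permit.
DENIES_FIRST = [AS_POSTED[0], AS_POSTED[2], AS_POSTED[1]]

def _i(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N {permit|deny} ip SRC WILDCARD (DST WILDCARD | any)'."""
    tok = line.split()
    action, src, src_wc = tok[2], tok[4], tok[5]
    if tok[6] == "any":
        dst, dst_wc = "0.0.0.0", "255.255.255.255"
    else:
        dst, dst_wc = tok[6], tok[7]
    return action, (_i(src), _i(src_wc)), (_i(dst), _i(dst_wc))

def _match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl_lines:
        action, (s, swc), (d, dwc) = parse_ace(line)
        if _match(_i(src), s, swc) and _match(_i(dst), d, dwc):
            return action
    return "deny"

def nat_decision(acl_lines, src, dst):
    # Assumption: the ACL is the NAT match list, so permit means "translate".
    hit = evaluate(acl_lines, src, dst)
    return "translated" if hit == "permit" else "not translated"

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("denies first", DENIES_FIRST)):
        for dst in ("192.168.16.5", "192.168.18.10", "203.0.113.10"):
            print(name, "192.168.17.10 ->", dst, nat_decision(acl, "192.168.17.10", dst))
```

In the posted order, the `permit ... any` entry matches 192.168.17.x to 192.168.18.x traffic before the second deny is ever reached, so that entry is dead and spoke-to-spoke packets are selected for translation.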