I have 2 sites configured as L2L VPNs back to my ASA5520. One site is using a PIX525 and the other an ASA5505. I can access all resources on my private network without issue and all traffic from the remote sites is "protected". The issue I'm having is that I cannot ping any external hosts. For example, if I attempt to ping 18.104.22.168 from a host at a remote site it times out. I can ping any resource on my "private" networks at any site without issue. Any suggestions? Thanks.
No, you don't need the "outside" keyword at the end of the statement. Disregard the warning.
If you already have
global (outside) 1 interface
then just add:
nat (outside) 1 172.24.0.0 255.255.0.0
If you're relying on Internet access through the L2L tunnel (because you are tunneling everything), then you need to:
1) Either set up u-turn and outside NAT for the remote network on the headend ASA so the traffic can leave the same interface it came in on with a public IP address for the Internet:
nat (outside) 99
global (outside) 99 interface
same-security-traffic permit intra-interface
2) Set up a default tunnel gateway that points to an internal router that has access to the internet
route inside 0.0.0.0 0.0.0.0 tunneled
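An added example, not part of the posts above: a small Python check that reads a saved headend configuration and reports which pieces of the u-turn setup from option 1 are missing for a given remote network. It assumes the `nat`/`global` syntax used in the replies; the function name and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

# Statement forms as they appear in the replies above.
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
INTRA = "same-security-traffic permit intra-interface"


def check_hairpin(config, remote_net, iface="outside"):
    """Return a list of missing pieces for u-turn Internet access (hypothetical helper)."""
    remote = ipaddress.ip_network(remote_net)
    nat_ids, global_ids, intra = set(), set(), False
    for raw in config.splitlines():
        line = raw.strip()
        if line == INTRA:
            intra = True
        elif (m := NAT_RE.match(line)) and m.group(1) == iface:
            # Network and mask are separate tokens in the config.
            net = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False)
            if remote.subnet_of(net):
                nat_ids.add(m.group(2))
        elif (m := GLOBAL_RE.match(line)) and m.group(1) == iface:
            global_ids.add(m.group(2))
    findings = []
    if not intra:
        findings.append("missing: " + INTRA)
    if not nat_ids:
        findings.append(f"missing: nat ({iface}) rule covering {remote}")
    elif not nat_ids & global_ids:
        # The NAT ID on the nat statement must match a global statement.
        ids = ", ".join(sorted(nat_ids))
        findings.append(f"missing: global ({iface}) for NAT ID {ids}")
    return findings


# Constructed sample configurations (not taken from a real device).
CONFIG_OK = """
global (outside) 1 interface
nat (outside) 1 172.24.0.0 255.255.0.0
same-security-traffic permit intra-interface
"""
CONFIG_BAD = """
global (outside) 1 interface
nat (outside) 99 172.24.0.0 255.255.0.0
"""

if __name__ == "__main__":
    for name, cfg in (("ok", CONFIG_OK), ("bad", CONFIG_BAD)):
        print(name, check_hairpin(cfg, "172.24.5.0/24"))
```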