I am trying to set up a p2p connection to a site where they want me to nat our ips to a different scheme.
Here is the relevant config
access-list INTERNETHUB2_cryptomap_60 extended permit ip 10.99.48.0 255.255.255.0 host 22.214.171.124
access-list policy_nat extended permit ip 172.30.5.0 255.255.255.0 host 126.96.36.199
static (VLAN1,INTERNETHUB2) 10.99.48.0 access-list policy_nat
crypto map INTERNETHUB2_map 60 match address INTERNETHUB2_cryptomap_60
crypto map INTERNETHUB2_map 60 set peer 188.8.131.52 184.108.40.206
crypto map INTERNETHUB2_map 60 set transform-set ESP-3DES-SHA
tunnel-group 220.127.116.11 type ipsec-l2l
tunnel-group 18.104.22.168 ipsec-attributes
tunnel-group 22.214.171.124 type ipsec-l2l
tunnel-group 126.96.36.199 ipsec-attributes
needless to say this is not working, When I try to ping 188.8.131.52 from a machine on the 172.30.5 subnet the ASA device receives it but does not even try to bring up the tunnel. What have I done wrong?
I have this problem too.