I am trying to set up a p2p connection to a site where they want me to nat our ips to a different scheme.
Here is the relevant config
access-list INTERNETHUB2_cryptomap_60 extended permit ip 10.99.48.0 255.255.255.0 host 18.104.22.168
access-list policy_nat extended permit ip 172.30.5.0 255.255.255.0 host 22.214.171.124
static (VLAN1,INTERNETHUB2) 10.99.48.0 access-list policy_nat
crypto map INTERNETHUB2_map 60 match address INTERNETHUB2_cryptomap_60
crypto map INTERNETHUB2_map 60 set peer 126.96.36.199 188.8.131.52
crypto map INTERNETHUB2_map 60 set transform-set ESP-3DES-SHA
tunnel-group 184.108.40.206 type ipsec-l2l
tunnel-group 220.127.116.11 ipsec-attributes
tunnel-group 18.104.22.168 type ipsec-l2l
tunnel-group 22.214.171.124 ipsec-attributes
needless to say this is not working, When I try to ping 126.96.36.199 from a machine on the 172.30.5 subnet the ASA device receives it but does not even try to bring up the tunnel. What have I done wrong?
I have this problem too.