Friends, I configured a site-to-site VPN between ASAs: one side is a 5505 and the other a 5510. The VPN is active and works OK, but from the 5505 the inside hosts cannot access the internet and cannot ping either the outside interface IP or public outside IPs. The static route on outside is correctly configured, and ICMP is permitted (icmp permit any inside, icmp permit any outside).
Please check that you only permit VPN traffic for no-NAT. If you have any any in the access-list, all your traffic is going without NAT. Please modify the access-list to allow only VPN traffic for nonat and all the rest for NAT, so that you can browse the internet.
You can't ping the outside interface of the firewall from inside. Do the ICMP inspect in the policy map.
(NAT config) It exempts (NAT) source: inside network 10.7.7.0/24, destination network 10.1.1.0/24. It means that only VPN connection traffic is permitted for NAT. I'm going to configure PAT for the inside hosts on the outside interface, to have access to public resources (is this the right solution?). Apart from the NAT, should I configure an ACL to permit the IP protocol (so the inside hosts have access to outside)?
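A check for the condition raised in the replies above, as an added example that is not part of any post in the thread: it reads an ASA configuration and flags NAT-exemption ACL entries whose destination reaches beyond the remote VPN network. It assumes pre-8.3 syntax (`nat (inside) 0 access-list ...`); the ACL name `NONAT` and both sample configurations are constructed, using the 10.7.7.0/24 and 10.1.1.0/24 networks quoted in the thread.

```python
import ipaddress
import re

# Constructed sample in pre-8.3 ASA syntax; the ACL name NONAT is hypothetical.
SAMPLE_BROAD = """\
access-list NONAT extended permit ip 10.7.7.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NONAT extended permit ip any any
nat (inside) 0 access-list NONAT
nat (inside) 1 10.7.7.0 255.255.255.0
global (outside) 1 interface
"""
SAMPLE_NARROW = SAMPLE_BROAD.replace(
    "access-list NONAT extended permit ip any any\n", "")


def _take_net(tokens):
    """Consume one ASA address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")


def audit_nat_exemption(config, remote_vpn_nets):
    """Return (acl_name, entry) pairs for exemption entries wider than the VPN peers."""
    remote = [ipaddress.ip_network(n) for n in remote_vpn_nets]
    # ACLs bound to NAT exemption: nat (<interface>) 0 access-list <name>
    exempt_acls = set(
        re.findall(r"^\s*nat \(\S+\) 0 access-list (\S+)", config, re.M))
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\S+) extended permit ip (.+)", line)
        if not m or m.group(1) not in exempt_acls:
            continue
        tokens = m.group(2).split()
        _take_net(tokens)            # source network, not needed for this check
        dst = _take_net(tokens)      # destination the exemption applies to
        if not any(dst.subnet_of(r) for r in remote):
            findings.append((m.group(1), line))
    return findings


if __name__ == "__main__":
    for acl, entry in audit_nat_exemption(SAMPLE_BROAD, ["10.1.1.0/24"]):
        print(f"{acl}: exemption wider than the VPN peer network -> {entry}")
```

An entry flagged here means internet-bound traffic from the inside hosts skips PAT and leaves with its private source address.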