The type of configuration (as I said) depends on the software version you are running on the ASAs
On the ASA1 you would naturally also require the Crypto ACL addition but in reverse
access-list L2LVPN permit ip any
You would also have to make sure that you have the following command configured for the traffic to be able to come in through your ASA1 external interface and leave through it
same-security-traffic permit intra-interface
The ASA1 would also require Dynamic PAT for the users connecting from ASA2 Type A Client network. The configuration needed again depends on your ASAs software version.
Software 8.2 (or below)
If we presume the ASA1 already has this configuration (or something similiar)
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
Then you would need to add
nat (outside) 1
Software 8.3 (or above)
You should be able to simply add this
object network TYPE-A-CLIENT-PAT
nat (outside,outside) dynamic interface
Naturally the configurations you might need might differ slightly depending on the software level you are using and how you have configured the ASAs so far. Hard to say as we dont know neither of these things.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...