Hi, I have now established an IPsec tunnel between two sites, but I don't have internet access anymore and cannot reach the other site from the internal networks.
The WAN from the ASA can ping the remote IP address.
Do I need a rule like route inside 0.0.0.0 0.0.0.0 ip address tunneled?
Can someone help and complete the necessary command lines? Thank you.
Local sites need to be routed to the Branch Office VLAN.
Subnets on the remote site are 172.28.0.0/16, 10.30.150.0/
My Catalyst 3750X stack performs the inter-VLAN routing from the local VLANs: vlan1 (10.73.10.0/24) - vlan2
.0/24). The default gateway on the Catalyst 3750X stack is the IP of its interface vlan1 (10.73.10.10); the gateway of last resort points to the LAN IP of the ASA. The DHCP server (server2K8) default gateway is also the Catalyst 3750X interface vlan1 (10.73.10.10). All the other clients and servers use the LAN IP of the ASA as default gateway.
object-group network LOCAL-LAN
 network-object 10.73.10.0 255.255.255.0
 network-object 10.73.11.0 255.255.255.0
object-group network REMOTE-LAN
 network-object 172.28.0.0 255.255.0.0
 network-object 10.30.150.0 255.255.255.0
 network-object 10.30.252.0 255.255.255.0
 network-object 10.28.0.0 255.255.0.0
access-list NONAT extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
access-list CRYPTO-BRANCH extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
nat (inside) 0 access-list NONAT
crypto ipsec security-association lifetime seconds 3600
crypto ipsec transform-set VPNSET esp-3des esp-md5-hmac
crypto map VPNMAP 1 match address CRYPTO-BRANCH
crypto map VPNMAP 1 set peer 188.8.131.52
crypto map VPNMAP 1 set transform-set VPNSET
crypto map VPNMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
tunnel-group 184.108.40.206 type ipsec-l2l
tunnel-group 220.127.116.11 ipsec-attributes
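
A consistency check for a site-to-site configuration of the kind posted above, as an added example that is not part of the original post: it verifies that each crypto map peer has an `ipsec-l2l` tunnel group, that the crypto ACL is covered by the NAT exemption, that the map is applied to an interface, and that no legacy ESP transform is in use. The function name `audit`, the finding labels and the sample addresses are constructed for illustration, and the peer check assumes tunnel groups named after the peer IP.

```python
# Constructed sample shaped like the posted config; addresses are documentation IPs.
SAMPLE = """\
access-list NONAT extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
access-list CRYPTO-BRANCH extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
nat (inside) 0 access-list NONAT
crypto ipsec transform-set VPNSET esp-3des esp-md5-hmac
crypto map VPNMAP 1 match address CRYPTO-BRANCH
crypto map VPNMAP 1 set peer 203.0.113.10
crypto map VPNMAP 1 set transform-set VPNSET
crypto map VPNMAP interface outside
tunnel-group 203.0.113.99 type ipsec-l2l
"""
LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac"}  # obsolete ESP algorithms

def audit(config):
    """Return sorted (check, detail) findings for a pre-8.3 ASA site-to-site config."""
    acl, entry, tsets = {}, {}, {}
    l2l, exempt_names, bound = set(), set(), set()
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["extended", "permit"]:
            acl.setdefault(t[1], set()).add(" ".join(t[4:]))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            exempt_names.update(t[4:5])          # NAT-exemption ACL name
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets[t[3]] = set(t[4:])
        elif t[:2] == ["crypto", "map"] and t[3:4] == ["interface"]:
            bound.add(t[2])                      # map applied to an interface
        elif t[:2] == ["crypto", "map"] and len(t) > 6:
            entry.setdefault((t[2], t[3]), {})[" ".join(t[4:6])] = t[6:]
        elif t[:1] == ["tunnel-group"] and t[2:] == ["type", "ipsec-l2l"]:
            l2l.add(t[1])
    exempt = set().union(*(acl.get(n, set()) for n in exempt_names))
    findings = []
    for (name, _seq), e in entry.items():
        for peer in e.get("set peer", []):
            if peer not in l2l:      # assumes IP-named L2L tunnel groups
                findings.append(("peer-without-tunnel-group", peer))
        for ts in e.get("set transform-set", []):
            for alg in sorted(tsets.get(ts, set()) & LEGACY):
                findings.append(("legacy-transform", f"{ts}:{alg}"))
        for a in e.get("match address", []):
            for rule in sorted(acl.get(a, set()) - exempt):
                findings.append(("crypto-acl-not-nat-exempt", rule))
        if name not in bound:
            findings.append(("crypto-map-not-applied", name))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```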