Internal hosts cannot access the internet with an L2L tunnel configured

The internal hosts behind the ASA cannot access the internet with an L2L tunnel configured. The L2L tunnel is up and passing traffic correctly. However, the internal hosts cannot access the internet through the ASA. I think I have my NAT hosed somewhere. I can't even get a statically mapped host to the internet. It might be because I'm used to having a WAN IP on the external interface that differs from the CIDR block assigned by the ISP. In this case, it's all together, with the ASA outside interface occupying the first available address.

We have been assigned a CIDR range of x.x.x.64/28. x.x.x.65 is my gateway and my first usable address is .68, per the ISP (I guess they use .66 and .67 for internal use). The external interface of the ASA is .68 and I'm trying to NAT the others. I'm PATing all internal DHCP clients and have some static entries as well. Below is the relevant NAT config. Once again, all traffic passes over the tunnel properly, but not from inside to outside. If more information is needed, please advise.

interface outside

ip address x.x.x.68

global (outside) 2 x.x.x.69-x.x.x.77

global (outside) 1 x.x.x.78

nat (inside) 0 access-list sheep

nat (inside) 1

static (inside,outside) x.x.x.69 STATIC_NAT_EXAMPLE netmask

access-group internal in interface inside

route outside x.x.x.65 1

access-list internal permit ip any any

! Remote LAN is

access-list sheep extended permit ip

Can you post a "show run sysopt"?

Try this command to enable proxy ARP:

no sysopt noproxyarp outside
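An added example, not part of the original thread: a Python check for the condition the reply above is probing for. When the translated addresses sit in the same subnet as the ASA's outside interface, as on this page, the upstream router ARPs for them and the ASA must answer, which it will not do while `sysopt noproxyarp outside` is set. The sample config, its 203.0.113.64/28 addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (pre-8.3 ASA syntax). 203.0.113.64/28 stands in for the
# page's x.x.x.64/28; the interface name and inside addresses are invented.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.68 255.255.255.240
global (outside) 2 203.0.113.69-203.0.113.77
global (outside) 1 203.0.113.78
nat (inside) 1 10.0.0.0 255.255.255.0
static (inside,outside) 203.0.113.69 10.0.0.10 netmask 255.255.255.255
sysopt noproxyarp outside
"""

def expand(token):
    """Turn 'a.b.c.d' or 'a.b.c.d-a.b.c.e' into a list of IPv4Address."""
    first, _, last = token.partition("-")
    try:
        lo = ipaddress.IPv4Address(first)
        hi = ipaddress.IPv4Address(last or first)
    except ValueError:  # keywords such as 'interface' or 'tcp' are skipped
        return []
    return [ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)]

def unanswered_arp(config, ifname="outside"):
    """Translated addresses on ifname's connected subnet that get no ARP reply
    because 'sysopt noproxyarp <ifname>' is configured. Empty list = no issue."""
    nameif, subnet, own, mapped, disabled = None, None, None, set(), False
    name = re.escape(ifname)
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            nameif = None
        elif m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and nameif == ifname:
            own = ipaddress.IPv4Address(m.group(1))
            subnet = ipaddress.IPv4Network(f"{own}/{m.group(2)}", strict=False)
        elif m := re.match(rf"global \({name}\) \d+ (\S+)", line):
            mapped.update(expand(m.group(1)))   # dynamic NAT pool or PAT address
        elif m := re.match(rf"static \(\S+,{name}\) (\S+)", line):
            mapped.update(expand(m.group(1)))   # mapped address of a static
        elif line == f"sysopt noproxyarp {ifname}":
            disabled = True
    if not disabled or subnet is None:
        return []
    return [str(a) for a in sorted(mapped) if a in subnet and a != own]
```

Feed it the text of a running configuration; a non-empty result lists the global and static addresses that depend on proxy ARP being re-enabled on that interface.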

Tags: Cisco Security
