Manny,

As an ASA doesn't support an E1 interface, how are you terminating this connection prior to accepting the traffic? How does the inside access list correlate to the Branch traffic? What is the name of the interface you are bringing the Branch traffic in from? This is an easy fix but you haven't provided any real information here.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of MANNY Omari
Sent: Thursday, January 20, 2011 9:22 AM
To: [email protected]
Subject: [OSL | CCIE_RS] Internet with IPSec;

Dear All,

I will highly appreciate any help in this regard. One of our branches, connected through an E1 circuit with an IPSec tunnel, is unable to use the Internet from HQ.

Below is the topology:

HQ - ASA 5510-------------E1------------------ Router - Branch ---- LAN

ASA has interfaces:

E0/0 = E1 connecting branch
E0/1 = HQ LAN
E0/2 = Internet

Below is the NAT and the ACL for interesting traffic config on ASA:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list 101
access-list 101 per ip 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0

Everything is working fine except that users in the branch are unable to access the Internet through HQ. I don't think the NAT configuration on the ASA is correct in order for the branch users to be able to access the Internet, and also I'm not doing any NAT on the branch router.

Anyone with any help please...

Kind Regards,

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
