Can you try the same-security-traffic permit inter-interface command?
I think internet traffic is dropped between the outside and internet
interfaces on the ASA because they have the same security level, but
traffic from the branch to the HQ LAN is permitted because they have
different security levels.
On 1/20/11, Manouchehr Omari <manouchehr1979_at_gmail.com> wrote:
> Hello Piotr,
>
> Here is the output,
>
>
> sh nameif
>
> Interface      Name        Security
> Ethernet0/0    outside     0
> Ethernet0/1    inside      100
> Ethernet0/2    INTERNET    0
>
>
> Kind Regards,
>
>
> On Thu, Jan 20, 2011 at 12:57 PM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:
>
>> Hi,
>>
>> What are the interface names and security levels on the ASA? Can you send
>> the output of the command show nameif?
>>
>> Regards,
>> --
>> Piotr Matusiak
>> CCIE #19860 (R&S, Security), CCSI #33705
>> Technical Instructor
>> website: www.MicronicsTraining.com
>> blog: www.ccie1.com
>>
>> If you can't explain it simply, you don't understand it well enough -
>> Albert Einstein
>>
>>
>> 2011/1/20 Manouchehr Omari <manouchehr1979_at_gmail.com>
>>
>>> Dear All,
>>>
>>> I will highly appreciate any help in this regard. One of our branches,
>>> connected through an E1 circuit with an IPSec tunnel, is unable to use the
>>> Internet from HQ. Below is the topology:
>>>
>>>
>>>
>>> HQ - ASA 5510-------------E1------------------ Router - Branch ---- LAN
>>>
>>>
>>> ASA has interfaces,
>>>
>>> E0/0 = E1 connecting branch..
>>> E0/1 = HQ LAN
>>> E0/2 = Internet
>>>
>>> Below is the NAT and the ACL for interesting traffic config on ASA
>>>
>>> global (outside) 1 interface
>>> nat (inside) 1 0.0.0.0 0.0.0.0
>>> nat (inside) 0 access-list 101
>>>
>>> access-list 101 per ip 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0
>>>
>>> Everything is working fine except that users in the branch are unable to
>>> access the Internet through HQ. I don't think the NAT configuration on the
>>> ASA is correct for the branch users to be able to access the Internet, and
>>> also I'm not doing any NAT on the branch router. Any help from anyone,
>>> please...
>>>
>>> Kind Regards,
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
--
Warm Regards,
Eseosa
CCIE #23782
You can learn anything just develop the right quantity of interest.

Received on Thu Jan 20 2011 - 21:45:54 ART
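
The security-level check suggested in the reply above can be run against the posted "show nameif" output. This is an added example, not part of the original thread or any Cisco tool; the function names are hypothetical, and the model covers only the ASA's implicit interface rules, ignoring ACLs, NAT and the handling of decrypted VPN traffic.

```python
import re
from itertools import combinations

# Output of "show nameif" as posted in the thread.
SHOW_NAMEIF = """\
Interface Name Security
Ethernet0/0 outside 0
Ethernet0/1 inside 100
Ethernet0/2 INTERNET 0
"""

def parse_nameif(text):
    """Return {nameif: security_level} from 'show nameif' output."""
    levels = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\S+)\s+(\d+)\s*$", line)
        if m:  # the header row has no numeric level, so it is skipped
            levels[m.group(2)] = int(m.group(3))
    return levels

def implicit_verdict(levels, src, dst, inter_interface=False, intra_interface=False):
    """Default ASA handling of a new connection from src to dst nameif,
    before any ACL or NAT rule is considered (simplified model).
    The two flags stand for the 'same-security-traffic permit ...' commands."""
    if src == dst:
        return "permit" if intra_interface else "deny (same interface)"
    if levels[src] == levels[dst]:
        return "permit" if inter_interface else "deny (same security level)"
    if levels[src] > levels[dst]:
        return "permit"
    return "deny (lower to higher needs an ACL)"

def same_level_pairs(levels):
    """Interface pairs that cannot exchange traffic without
    'same-security-traffic permit inter-interface'."""
    return [(a, b) for a, b in combinations(levels, 2) if levels[a] == levels[b]]

if __name__ == "__main__":
    lv = parse_nameif(SHOW_NAMEIF)
    print("same-level pairs:", same_level_pairs(lv))
    for flag in (False, True):
        verdict = implicit_verdict(lv, "outside", "INTERNET", inter_interface=flag)
        print(f"outside -> INTERNET, inter-interface={flag}: {verdict}")
```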
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART