[c-nsp] VPN traffic to the Internet ...
Ryan West
rwest at zyedge.com
Wed Sep 2 08:09:28 EDT 2009
nat (outside) 1 VPN range and
Same-security intrainterface.
Sent from handheld.
On Sep 2, 2009, at 8:05 AM, "Garry" <gkg at gmx.de> wrote:
> After trying to get this to work for a while, I'm somewhat out of
> ideas ...
>
> I have a (otherwise working) VPN-connection from Windows clients
> (using
> Cisco VPN client) to an ASA, IP traffic from and to the internal
> network
> is working just fine. Now the problem comes up that the clients need
> to
> reach a site on the internet that is only accessable from certain IP
> ranges, which the mobile clients do not fall into.
>
> I thought, well, no problem, just extend the split tunneling to the
> destination IP. So far, so good, the client lists the destination in
> its
> list of tunneled IPs, and traffic to the destination is correctly sent
> through the tunnel. It is also correctly decoded on the ASA, but
> doesn't
> seem to go anywhere ...
>
> I've made sure that there's an internal rule allowing any access to
> that
> certain IP. I've also did a tcpdump on the destination to check if
> maybe
> the traffic isn't NATed correctly, but not a single packet is arriving
> through the ASA ...
>
> What am I missing here?
>
> Tnx, -garry
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list