[c-nsp] VPN traffic to the Internet ...

Garry gkg at gmx.de
Wed Sep 2 07:58:25 EDT 2009

After trying to get this to work for a while, I'm somewhat out of ideas ...

I have a (otherwise working) VPN-connection from Windows clients (using
Cisco VPN client) to an ASA, IP traffic from and to the internal network
is working just fine. Now the problem comes up that the clients need to
reach a site on the internet that is only accessable from certain IP
ranges, which the mobile clients do not fall into.

I thought, well, no problem, just extend the split tunneling to the
destination IP. So far, so good, the client lists the destination in its
list of tunneled IPs, and traffic to the destination is correctly sent
through the tunnel. It is also correctly decoded on the ASA, but doesn't
seem to go anywhere ...

I've made sure that there's an internal rule allowing any access to that
certain IP. I've also did a tcpdump on the destination to check if maybe
the traffic isn't NATed correctly, but not a single packet is arriving
through the ASA ...

What am I missing here?

Tnx, -garry

More information about the cisco-nsp mailing list