[c-nsp] VPN traffic to the Internet ...
Garry
gkg at gmx.de
Wed Sep 2 07:58:25 EDT 2009
After trying to get this to work for a while, I'm somewhat out of ideas ...
I have a (otherwise working) VPN-connection from Windows clients (using
Cisco VPN client) to an ASA, IP traffic from and to the internal network
is working just fine. Now the problem comes up that the clients need to
reach a site on the internet that is only accessable from certain IP
ranges, which the mobile clients do not fall into.
I thought, well, no problem, just extend the split tunneling to the
destination IP. So far, so good, the client lists the destination in its
list of tunneled IPs, and traffic to the destination is correctly sent
through the tunnel. It is also correctly decoded on the ASA, but doesn't
seem to go anywhere ...
I've made sure that there's an internal rule allowing any access to that
certain IP. I've also did a tcpdump on the destination to check if maybe
the traffic isn't NATed correctly, but not a single packet is arriving
through the ASA ...
What am I missing here?
Tnx, -garry
More information about the cisco-nsp
mailing list