[c-nsp] VPN traffic to the Internet ... (ASA)
Garry
gkg at gmx.de
Mon Sep 7 01:47:54 EDT 2009
Garry wrote:
> After trying to get this to work for a while, I'm somewhat out of ideas ...
>
> I have a (otherwise working) VPN-connection from Windows clients (using
> Cisco VPN client) to an ASA, IP traffic from and to the internal network
> is working just fine. Now the problem comes up that the clients need to
> reach a site on the internet that is only accessable from certain IP
> ranges, which the mobile clients do not fall into.
>
> I thought, well, no problem, just extend the split tunneling to the
> destination IP. So far, so good, the client lists the destination in its
> list of tunneled IPs, and traffic to the destination is correctly sent
> through the tunnel. It is also correctly decoded on the ASA, but doesn't
> seem to go anywhere ...
>
> I've made sure that there's an internal rule allowing any access to that
> certain IP. I've also did a tcpdump on the destination to check if maybe
> the traffic isn't NATed correctly, but not a single packet is arriving
> through the ASA ...
>
> What am I missing here?
>
Nobody?
More information about the cisco-nsp
mailing list