[c-nsp] VPN traffic to the Internet ... (ASA)

Garry gkg at gmx.de
Mon Sep 7 09:19:06 EDT 2009


Alan Buxey wrote:
> Hi,
> 
>>> What am I missing here?
> 
> your ASA cannot be that IP - so is probably just dropping
> those packets as invalid... what you need to do is set up a
> proxy (eq squid) on your internal network that has an address
> within the 'allowed IP range' and then configure the ASA to
> use that proxy - your mobile clients can then use that

So, say, I wouldn't have split tunneling - the ASA IOS isn't able to let
VPN clients get through to the Internet by doing a PAT or NAT on the way
out?


-gg


More information about the cisco-nsp mailing list