[c-nsp] VPN traffic to the Internet ... (ASA)
Garry
gkg at gmx.de
Mon Sep 7 09:19:06 EDT 2009
Alan Buxey wrote:
> Hi,
>
>>> What am I missing here?
>
> your ASA cannot be that IP - so is probably just dropping
> those packets as invalid... what you need to do is set up a
> proxy (eq squid) on your internal network that has an address
> within the 'allowed IP range' and then configure the ASA to
> use that proxy - your mobile clients can then use that
So, say, I wouldn't have split tunneling - the ASA IOS isn't able to let
VPN clients get through to the Internet by doing a PAT or NAT on the way
out?
-gg
More information about the cisco-nsp
mailing list