[c-nsp] VPN traffic to the Internet ... (ASA)
Ryan West
rwest at zyedge.com
Mon Sep 7 12:53:16 EDT 2009
It can. You need allow same interface traffic and configure nat outside.
Sent from handheld.
On Sep 7, 2009, at 9:31 AM, "Garry" <gkg at gmx.de> wrote:
> Alan Buxey wrote:
>> Hi,
>>
>>>> What am I missing here?
>>
>> your ASA cannot be that IP - so is probably just dropping
>> those packets as invalid... what you need to do is set up a
>> proxy (eq squid) on your internal network that has an address
>> within the 'allowed IP range' and then configure the ASA to
>> use that proxy - your mobile clients can then use that
>
> So, say, I wouldn't have split tunneling - the ASA IOS isn't able to
> let
> VPN clients get through to the Internet by doing a PAT or NAT on the
> way
> out?
>
>
> -gg
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list