[c-nsp] VPN traffic to the Internet ... (ASA)

Ryan West rwest at zyedge.com
Mon Sep 7 12:53:16 EDT 2009


It can. You need allow same interface traffic and configure nat outside.

Sent from handheld.

On Sep 7, 2009, at 9:31 AM, "Garry" <gkg at gmx.de> wrote:

> Alan Buxey wrote:
>> Hi,
>>
>>>> What am I missing here?
>>
>> your ASA cannot be that IP - so is probably just dropping
>> those packets as invalid... what you need to do is set up a
>> proxy (eq squid) on your internal network that has an address
>> within the 'allowed IP range' and then configure the ASA to
>> use that proxy - your mobile clients can then use that
>
> So, say, I wouldn't have split tunneling - the ASA IOS isn't able to  
> let
> VPN clients get through to the Internet by doing a PAT or NAT on the  
> way
> out?
>
>
> -gg
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list