[c-nsp] VPN traffic to the Internet ...

Ryan West rwest at zyedge.com
Mon Sep 7 13:43:01 EDT 2009


Garry,

I sent this to you on the 2nd, did you ever try it?

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml


-ryan

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ryan West
Sent: Wednesday, September 02, 2009 8:09 AM
To: Garry
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VPN traffic to the Internet ...

nat (outside) 1 VPN range and same-security intrainterface.

Sent from handheld.

On Sep 2, 2009, at 8:05 AM, "Garry" <gkg at gmx.de> wrote:

> After trying to get this to work for a while, I'm somewhat out of
> ideas ...
>
> I have a (otherwise working) VPN-connection from Windows clients
> (using Cisco VPN client) to an ASA, IP traffic from and to the
> internal network is working just fine. Now the problem comes up that
> the clients need to reach a site on the internet that is only
> accessible from certain IP ranges, which the mobile clients do not
> fall into.
>
> I thought, well, no problem, just extend the split tunneling to the
> destination IP. So far, so good, the client lists the destination in
> its list of tunneled IPs, and traffic to the destination is correctly
> sent through the tunnel. It is also correctly decoded on the ASA, but
> doesn't seem to go anywhere ...
>
> I've made sure that there's an internal rule allowing any access to
> that certain IP. I also did a tcpdump on the destination to check if
> maybe the traffic isn't NATed correctly, but not a single packet is
> arriving through the ASA ...
>
> What am I missing here?
>
> Tnx, -garry
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
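
The two prerequisites named in the reply above (a `nat (outside)` rule for the VPN range and `same-security-traffic permit intra-interface`), turned into a configuration check. This is an added example, not part of the original thread; it assumes pre-8.3 ASA `nat`/`global` syntax, and the function name `hairpin_findings` and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

QUAD = r"(\d+\.\d+\.\d+\.\d+)"

# Constructed pre-8.3 ASA config fragment (private addresses, not from the thread).
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.10.1-192.168.10.254 mask 255.255.255.0
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 192.168.10.0 255.255.255.0
"""

def hairpin_findings(config, iface="outside"):
    """List what is missing for VPN clients to exit via the interface they arrived on."""
    lines = [line.strip() for line in config.splitlines()]
    ifc = re.escape(iface)
    findings = []
    # Traffic entering and leaving the same interface is dropped without this.
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("missing: same-security-traffic permit intra-interface")
    # NAT ids that have a translation pool (global) on the interface.
    global_ids = set()
    nat_rules = []  # (nat id, source network) for dynamic NAT on the interface
    for line in lines:
        if m := re.match(rf"global \({ifc}\) (\d+) ", line):
            global_ids.add(m.group(1))
        elif m := re.match(rf"nat \({ifc}\) ([1-9]\d*) {QUAD} {QUAD}", line):
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            nat_rules.append((m.group(1), net))
    # Every VPN address pool must be covered by such a rule with a matching global.
    for line in lines:
        m = re.match(rf"ip local pool (\S+) {QUAD}-{QUAD}", line)
        if not m:
            continue
        first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
        ids = [i for i, net in nat_rules if first in net and last in net]
        if not ids:
            findings.append(f"pool {m.group(1)}: no nat ({iface}) rule covers {first}-{last}")
        elif not global_ids.intersection(ids):
            findings.append(f"pool {m.group(1)}: nat id {ids[0]} has no global ({iface})")
    return findings

if __name__ == "__main__":
    print(hairpin_findings(SAMPLE_CONFIG) or "hairpin prerequisites present")
```

An empty result means both statements are present and the pool is translated on the outside interface; the split-tunnel list and any VPN filter still have to permit the destination.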

