05-08-2008 08:01 PM - edited 02-21-2020 02:00 AM
First time post, hope this question is in the correct location.
Have configured a 2821 successfully to accept VPN connections from clients. They log in, have access to the internal network (192.168.252.0/24), so no problem there. They just simply cannot get back out on the Internet and I would prefer disallowing split tunneling. Rather, they can access my internal work network via VPN and then route out my network and also browse the Internet; i.e. force them back out through Gi0/0 and make them have one of our external facing IP addresses. Our viable outside addresses consist of a /25 block, starting with 64.244.xx.1 up to .127.
Since users connect on Gi0/0 for VPN access or to 64.244.xx.2, I was wondering if it were possible to force them back out this same port for Internet connectivity?
I have tried giving them an IP in the 172.16.11.0/27 block and then NAT'ing that connection out, but to no avail. I'd rather prefer setting aside some IPs in the outside block or 64.244.xx.x subnet and have it appear they originate from .92 through .127.
We also have a collocation facility elsewhere. By forcing them to use our outside IP addresses, I can make them appear to be coming from my office network and can firewall all other users, thereby allowing only my users in.
Is what I am asking here even possible without enabling VPN split tunneling?
Am including my current config. Any suggestions are appreciated and welcome.
Thanks much. Happy to provide any additional information.
05-08-2008 08:04 PM
Apologies for the long message. In a nutshell, just want to route connected VPN users back out Gi0/0 for Internet connectivity, giving them an outside IP.
Thanks.