
Full Tunneling stopped working

AndersMattsson
Level 1

Hi guys!

I have had VPN with full tunneling working for some weeks and suddenly the remote computer doesn't have internet access through the tunnel.

I have attached the config file with minor name and outside IP removed for security reasons.

Is anybody able to see the problem? Why don't I have Internet access through the tunnel?

Split tunnel is also configured and is working as it should, but the full tunnel isn't and I need the full tunnel to work.

I've followed this guide from the start Configure AnyConnect Management VPN Tunnel on ASA - Cisco

And added:

object network VPNgrp
   subnet 192.168.250.0 255.255.255.0
   nat (outside,outside) dynamic interface

Then it worked the first time.

Thanks in advance!

/ Anders

 

Solution was

object network VPNgrp
   subnet 192.168.250.0 255.255.255.0
   nat (outside,outside) source dynamic VPNgrp interface

 

Accepted Solutions

Oh, OK

You need NAT (A3-wan,A3-wan) for NATing the AnyConnect traffic.

Check link below

https://www.dasblinkenlichten.com/full-tunnel-anyconnect-with-internet-hairpin/

***The link uses outside as nameif***

MHM 


8 Replies

You mention full tunnel but I see split tunnel config under tunnel group??

MHM

Thank you for the quick reply! Yes, I have 2 separate VPN connection alternatives with 2 separate Group policies. One with Split-tunnel and one with Full tunneling.

/Anders


Hi again! I'm starting to lose my hair over this.

I have tried:

object network VPNgrp
   subnet 192.168.250.0 255.255.255.0
   nat (A3_WAN,A3_WAN) dynamic interface

 

The VPNGrp is 192.168.250.0/24

What am I missing? Can it be that I get an IPv6 address as well as an IPv4 address?

I've even tried a new Profile with a new Group policy. Same result. No internet from VPN computer.

I can reach the network and the server, but my own computer does not have Internet connection.

I have changed the first comment with a new running config.

Thanks for all help so far!

Can't get it to work, checked with other configs out in the wild and can see that I miss out on

route outside 192.168.250.0 255.255.255.0 xxx.xxx.xxx.xxx (A3_WAN) 1

Can that be it?


You got any inputs?

Tried several guides and nothing seems to help with the problem.

I will erase all that has to do with the vpn and start over tomorrow.

What would be the correct way to set this up?

Outside = A3_WAN

Inside = AH_LAN

Network object VPNgrp

192.186.250.0 255.255.255.0

Ip pool for vpn VPN_IP_Pool

192.168.250.1 - 192.168.250.254 255.255.255.0

What would be the correct NAT and ACL/ACE config for this to work. Full tunnel with everything passing the ASA including internet traffic.

Group policy is:

Name:FullTunnel

Method AAA

AAA Server LOCAL

Client Address Pool VPN_IP_Pool 192.168.250.1-192.168.250.254 255.255.255.0

Group Policy: GroupPolicyFullTunneling

DNS Server 192.168.0.250

domain: company.local

Split tunneling:

Send all DNS Lookups Through Tunnel

Policy: Tunnel All Network

Network List: Inherit (Should it be any specific for Full Tunneling?)

Everything else is Inherit.

Is there anything wrong in the policy?

What commands would I need to use to get this to work with full tunneling?

 

Big thanks in advance!

 

/ Anders
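Added example, not part of the thread or of any poster's config: a small Python check that reads a saved running-config and reports which pieces of a full-tunnel hairpin are missing (intra-interface permit, a tunnel-all group policy, and an object NAT on the WAN interface whose subnet actually covers the VPN pool). The sample config is constructed from the names used in the thread, and only the object NAT form `nat (if,if) dynamic interface` is recognised.

```python
import ipaddress
import re

def parse_objects(config):
    """Merge 'object network' stanzas by name (running-config lists subnet and nat separately)."""
    objs, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            cur = objs.setdefault(m.group(1), {})
        elif cur is not None and line.startswith(" "):
            if m := re.match(r"\s+subnet (\S+) (\S+)", line):
                cur["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            elif m := re.match(r"\s+nat \(([^,\s]+),([^,\s]+)\) dynamic interface", line):
                cur["nat"] = (m.group(1), m.group(2))
        else:
            cur = None
    return objs

def check_hairpin(config, wan_if):
    """Return findings for a full-tunnel hairpin setup; an empty list means every check passed."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("intra-interface traffic not permitted")
    if "split-tunnel-policy tunnelall" not in lines:
        findings.append("no group policy tunnels all traffic")
    nets = [o["net"] for o in parse_objects(config).values()
            if o.get("nat") == (wan_if, wan_if) and "net" in o]
    if not nets:
        findings.append(f"no object NAT ({wan_if},{wan_if}) dynamic interface")
    for m in re.finditer(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", config, re.M):
        for ip in m.group(2, 3):
            if nets and not any(ipaddress.ip_address(ip) in n for n in nets):
                findings.append(f"{m.group(1)}: {ip} outside hairpin NAT subnet")
    return findings

# Constructed sample config, reusing the thread's names (A3_WAN, VPNgrp, VPN_IP_Pool).
GOOD = """\
same-security-traffic permit intra-interface
object network VPNgrp
 subnet 192.168.250.0 255.255.255.0
ip local pool VPN_IP_Pool 192.168.250.1-192.168.250.254 mask 255.255.255.0
object network VPNgrp
 nat (A3_WAN,A3_WAN) dynamic interface
group-policy GroupPolicyFullTunneling attributes
 split-tunnel-policy tunnelall
"""
# Constructed failing variant: intra-interface line dropped, two digits transposed in the subnet.
BAD = GOOD.replace("192.168.250.0 255", "192.186.250.0 255").replace(
    "same-security-traffic permit intra-interface\n", "")
```

Run it against the output of `show running-config` saved to a file, passing the nameif of the interface the VPN clients terminate on.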