Cisco ASA 5505
We have the remote-access VPN working: we can reach our office network from a remote VPN client, and vice versa.
We would now like to extend this config so that, when accessing a set of IPs on the internet (our website), any remote VPN client must route that traffic over the VPN (so the website sees our office IP, not the remote client's internet IP).
VPN Pool: 192.168.4.0/24
External IP of website is within the group 'rackspace-public-ips'
We can successfully ping from 192.168.2.0 <> 192.168.4.0
We can successfully access public internet addresses. However, when we enable split tunnelling, we can no longer reach the 'rackspace-public-ips' addresses.
access-list vpn_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list vpn_splitTunnelAcl_1 standard permit x.x.x.x 255.255.255.252
access-list vpn_splitTunnelAcl_1 standard permit x.x.x.x 255.255.255.248
(where x.x.x.x are the individual IPs defined within the rackspace-public-ips group)
! NAT exemption: office LAN <-> VPN pool is passed without translation
access-list officenetwork_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 192.168.4.0 255.255.255.0
object-group network officenetwork-network
object-group network DM_INLINE_NETWORK_1
 network-object 192.168.2.0 255.255.255.0
! PAT to the outside interface address for traffic entering on 'officenetwork'
global (publicinternet) 1 interface
nat (officenetwork) 0 access-list officenetwork_nat0_outbound
nat (officenetwork) 1 0.0.0.0 0.0.0.0
route publicinternet 0.0.0.0 0.0.0.0 192.168.3.1 1
group-policy vpn attributes
 dns-server value 192.168.2.199
 split-tunnel-network-list value vpn_splitTunnelAcl_1
 default-domain value office.internal
 split-dns value office.internal
What am I missing, guys?
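Added example, not the poster's configuration: the pieces an ASA (8.2-style syntax, as used in the question) normally needs before split-tunnelled VPN clients can reach an internet destination through the firewall. The interface names, pool and ACL names are taken from the post; the 'x.x.x.x' entries stand in for the rackspace addresses exactly as in the question, and the 'vpn-filter' ACL name is an assumption.

```cisco
! Decrypted client traffic arrives on 'publicinternet' and, for the rackspace
! addresses, has to leave through the same interface (hairpin / U-turn).
! Without this line the ASA silently drops it.
same-security-traffic permit intra-interface
!
! The split-tunnel list only takes effect when the policy is 'tunnelspecified';
! the list itself is the one from the question.
group-policy vpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_splitTunnelAcl_1
!
! Hairpinned flows are sourced from the VPN pool and enter on 'publicinternet',
! so 'nat (officenetwork) 1 ...' never matches them. They need their own
! dynamic PAT on the outside interface; the website then sees the ASA's
! public address, which is what the question asks for.
global (publicinternet) 1 interface
nat (publicinternet) 1 192.168.4.0 255.255.255.0
!
! Office LAN <-> pool stays NAT-exempt (unchanged from the question).
nat (officenetwork) 0 access-list officenetwork_nat0_outbound
!
! Caveat: by default 'sysopt connection permit-vpn' lets decrypted VPN traffic
! bypass the interface ACLs, so a hairpinning client could reach any internet
! host via the office IP. Restrict it with a vpn-filter (name assumed):
access-list vpn_clients_filter extended permit ip 192.168.4.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn_clients_filter extended permit ip 192.168.4.0 255.255.255.0 object-group rackspace-public-ips
group-policy vpn attributes
 vpn-filter value vpn_clients_filter
```

To confirm the path before touching a client, trace a pool address towards one of the rackspace IPs with `packet-tracer input publicinternet tcp 192.168.4.10 12345 <rackspace-ip> 443` and check that the NAT phase picks the new `nat (publicinternet) 1` rule and the result is ALLOW; `show xlate` while a client browses the site should then show the 192.168.4.x address translated to the outside interface IP.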