I suggest that you configure a proxy server for Internet Traffic, you can use it as cache or accelerator, only if you want user surf to the outside internet over that tunneled connection. By this way, you can control what kind information is allowed when they connect to corporate network.
On Mon, Jan 5, 2009 at 11:48 AM, Tim Franklin <[email protected]> wrote: > On Mon, January 5, 2009 3:38 pm, Networkers wrote: > > > I¹ve taken a look at > > some sample configs on the Cisco site but they all seem to be similar to > > this. My thinking is that the dial pool doesn¹t get NATed properly, but > > I¹m unsure on what to do to the config to fix this. Normal 192.168.100.x > > Ethernet-connected PCs in the home office can surf and do everything just > > fine. > > > > Can someone offer a tidbit? > > You're correct in that it's the NAT - traffic from the VPN clients isn't > going from an 'inside' interface to an 'outside' one, so it won't be > NAT'd. > > Is there any reason they can't just use whatever Internet access they're > already using to get the VPN connection, ie split tunnelling? > > Regards, > Tim. > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > -- "The network is the computer" _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
