This is what I have.
Internal Network: 192.168.0.0/16
Outside patted interface: 126.96.36.199
ASA5520 setup for VPN.
ASA5520 gives out IP 192.168.3.0/24
Split-tunneling is enabled and tunnels 192.168.0.0/16
In the split-tunnel list I also add a public IP 188.8.131.52/24
I connect with the VPN and get IP 192.168.3.60 which is correct.
I see that VPN has created routes for me:
192.168.3.0 / 24 via 192.168.3.60
192.168.0.0 / 16 via 192.168.3.60
184.108.40.206 / 24 via 192.168.3.60
My objective is to access 220.127.116.11 from the VPN as if it is coming from the patted (18.104.22.168) outside interface on the firewall.
Using the VPN wizard I get an exemption for any traffic to 192.168.3.0.
Keep in mind all 192.168.0.0/16 traffic uses pat for internet access.
I try accessing 22.214.171.124 on port 80 and get this.
6|Dec 19 2007|14:25:08|106015|126.96.36.199|188.8.131.52|Deny TCP (no connection) from 184.108.40.206/80 to 220.127.116.11/8699 flags ACK on interface outside
6|Dec 19 2007|14:25:06|302013|192.168.3.60|18.104.22.168|Built inbound TCP connection 224060 for outside:192.168.3.60/1275 (192.168.3.60/1275) to outside:22.214.171.124/80 (126.96.36.199/80) (user)
Is there any way I can fix this without disabling split-tunneling?
Do I need some natting somewhere?