This is what I have.
Internal Network: 192.168.0.0/16
Outside patted interface: 66.66.66.66
ASA5520 setup for VPN.
ASA5520 gives out IP 192.168.3.0/24
Split-tunneling is enabled and tunnels 192.168.0.0/16
In the split-tunnel list I also add a public IP 209.12.12.0/24
I connect with the VPN and get IP 192.168.3.60 which is correct.
I see that VPN has created routes for me:
192.168.3.0 / 24 via 192.168.3.60
192.168.0.0 / 16 via 192.168.3.60
209.12.12.0 / 24 via 192.168.3.60
My objective is to access 209.12.12.15 from the VPN as if it is coming from the patted (66.66.66.66) outside interface on the firewall.
Using the VPN wizard I get an exemption for any traffic to 192.168.3.0.
Keep in mind all 192.168.0.0/16 traffic uses pat for internet access.
I try accessing 209.12.12.15 on port 80 and get this.
6|Dec 19 2007|14:25:08|106015|209.12.12.15|66.66.66.66|Deny TCP (no connection) from 209.12.12.15/80 to 66.66.66.66/8699 flags ACK on interface outside
6|Dec 19 2007|14:25:06|302013|192.168.3.60|209.12.12.15|Built inbound TCP connection 224060 for outside:192.168.3.60/1275 (192.168.3.60/1275) to outside:209.12.12.15/80 (209.12.12.15/80) (user)
Is there any way I can fix this without disabling split-tunneling?
Do I need some natting somewhere?