Does anyone have a working firewall config for an 871 router with SSL VPN that allows remote VPN users connecting with the SSL full tunnel svc to access everything on the office LAN while also allowing local users full access to the Internet? So far I have been unable to make this work. Using the firewall wizard in SDM breaks both the access through the SSL tunnel and blocks users on the local network from accessing the Internet. I also tried a sample firewall config I had found, but that did not work either. I really need to get this locked down. I followed a previous suggestion to add virtual template support and re-enable the zone-based firewall, but it still broke access in both directions even though the wizard recognizes the SSL firewall and adds exceptions. I don't understand why this is so difficult to set up. I really need to finish this project and any suggestions would be welcome. Attached is the current config that works with no firewall enabled. I have the latest IOS and AnyConnect client from June. Thanks.